Use MySQL database injection points to obtain more information and practices

The following article describes how to use the MySQL database injection point to obtain more information about the MySQL database. We all know that when the input point of the MySQL database is injected, we can use the built-in functions such as version () user () database () password () to obtain information about the MySQL database. In fact, during the injection

The following article describes how to use the MySQL database injection point to obtain more information about the MySQL database. We all know that when the input point of the MySQL database is injected, we can use the built-in functions such as version ()/user ()/database ()/password () to obtain information about the MySQL database. In fact, during the injection

The following article describes how to use the MySQL database injection point to obtain more information about the MySQL database. We all know that when the input point of the MySQL database is injected, we can use the built-in functions such as version ()/user ()/database ()/password () to obtain information about the MySQL database.

In fact, we can use MySQL built-in variables to get more MySQL information during injection.

The version () can be written as @ version to read the version as a variable. In this way, other built-in variables cannot be written as variables.

Everyone should have used pangolin to inject injection points into the MySQL database. Serious friends should know the information about the two variables basedir and datadir, in fact, more variables can be used during injection.

I sorted out a few items that can be used during injection and collected