SQL Injection Learning Note 2

Source: Internet
Author: User
Tags: ord, sql injection

In addition to the databases you create, MySQL ships with its own information_schema database.

It provides a way to access metadata, that is, data that describes the data.

It holds information about all the other databases maintained by the MySQL server, such as database names, tables, column data types and access privileges.

Tables in the INFORMATION_SCHEMA database:

SCHEMATA table: provides information about all databases in the current MySQL instance. SHOW DATABASES takes its results from this table.

TABLES table: provides information about the tables in a database, including views. It describes in detail which schema a table belongs to, its table type, storage engine, creation time, and so on. SHOW TABLES FROM schemaname takes its results from this table.

COLUMNS table: provides information about the columns in a table. It describes in detail all the columns of a table and the properties of each column. SHOW COLUMNS FROM schemaname.tablename takes its results from this table.

STATISTICS table: provides information about table indexes. SHOW INDEX FROM schemaname.tablename takes its results from this table.

USER_PRIVILEGES (user privileges) table: gives information about global privileges. This information comes from the mysql.user grant table. This is a non-standard table.

SCHEMA_PRIVILEGES (schema privileges) table: provides information about schema (database) privileges. This information comes from the mysql.db grant table. This is a non-standard table.

TABLE_PRIVILEGES (table privileges) table: gives information about table privileges. This information comes from the mysql.tables_priv grant table. This is a non-standard table.

COLUMN_PRIVILEGES (column privileges) table: gives information about column privileges. This information comes from the mysql.columns_priv grant table. This is a non-standard table.

CHARACTER_SETS (character sets) table: provides information about the character sets available to the MySQL instance. SHOW CHARACTER SET takes its result set from this table.

COLLATIONS table: provides information about the collations for each character set.

COLLATION_CHARACTER_SET_APPLICABILITY table: indicates which character set each collation applies to. Its columns are equivalent to the first two display fields of SHOW COLLATION.

TABLE_CONSTRAINTS table: describes which tables have constraints, and the constraint type for each.

KEY_COLUMN_USAGE table: describes the key columns that have constraints.

ROUTINES table: provides information about stored routines (stored procedures and functions). At present, the ROUTINES table does not include user-defined functions (UDFs). The column named "mysql.proc name" indicates the mysql.proc table column that corresponds to the INFORMATION_SCHEMA.ROUTINES table column.

VIEWS table: gives information about the views in a database. You need the SHOW VIEW privilege, otherwise you cannot see the view information.

TRIGGERS table: provides information about triggers. You must have the SUPER privilege to view this table.

This blog post lists many MySQL functions; look up any you do not recognise there:

https://www.cnblogs.com/kissdodog/p/4168721.html

Kanxue gives a worked example that you can try:

https://bbs.pediy.com/thread-219096.htm

LEFT(s, n)

Returns the first n characters of the string s.

SELECT LEFT('ABCDE', 2); -- AB

Regular-expression matching with REGEXP in SQL queries

The pattern given to REGEXP is treated as a regular expression.

http://127.0.0.1/sqllib/Less-5/?id=1' and 1=(select 1 from information_schema.columns where table_name='users' and column_name regexp '^username' limit 0,1)--+

This statement tests whether a username column exists in the users table (the pattern ^username matches column names beginning with username).

ORD() returns the ASCII code of a character.

MID() is the same as SUBSTR(): MID(s, n, len)

IFNULL(v1, v2) function

If the value of v1 is not NULL, v1 is returned; otherwise v2 is returned.

Converting data types

    • CAST(x AS type)
    • CONVERT(x, type)

These two functions only work with the types BINARY, CHAR, DATE, DATETIME, TIME, SIGNED INTEGER and UNSIGNED INTEGER.

http://127.0.0.1/sqlilabs/less-5/?id=1' and ord(mid((select ifnull(cast(username as char),0x20) from security.users order by id limit 0,1),1,1))=68--+

This takes the ASCII code of the first character of username in the first row and compares it to the.
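Seen from the defending side, both probes quoted above leave recognisable request lines in a web server access log. The following Python detector is an added example, not part of the original note; the rule names, the sample request lines and the /search path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Illustrative rules (names are this example's own), one per construct in the note.
RULES = {
    "metadata-enumeration": re.compile(
        r"\binformation_schema\s*\.\s*(?:schemata|tables|columns)\b"),
    "regexp-prefix-probe": re.compile(r"\b(?:regexp|rlike)\s*'\^"),
    "char-compare": re.compile(
        r"\b(?:ord|ascii)\s*\(\s*(?:mid|substr|substring|left)\s*\("),
    "quote-breakout": re.compile(r"'\s*(?:and|or)\b.*--\s*$"),
}


def classify(request_line):
    """Return the names of all rules matched by any query-string value."""
    parts = request_line.split(" ")
    if len(parts) < 2:
        return set()
    hits = set()
    # parse_qsl percent-decodes and maps '+' to a space, as the web server does.
    pairs = parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True)
    for _name, value in pairs:
        text = " ".join(value.lower().split())  # case-fold, collapse whitespace
        hits.update(name for name, rx in RULES.items() if rx.search(text))
    return hits


# Constructed request lines, not real traffic. [1] and [2] are the two probes
# quoted in this note, percent-encoded; [0] and [3] are benign controls.
SAMPLE_REQUESTS = [
    "GET /sqlilabs/Less-5/?id=1 HTTP/1.1",
    "GET /sqlilabs/Less-5/?id=1%27%20and%201=(select%201%20from%20"
    "information_schema.columns%20where%20table_name=%27users%27%20and%20"
    "column_name%20regexp%20%27^username%27%20limit%200,1)--+ HTTP/1.1",
    "GET /sqlilabs/Less-5/?id=1%27%20and%20ord(mid((select%20ifnull(cast("
    "username%20as%20char),0x20)%20from%20security.users%20order%20by%20id%20"
    "limit%200,1),1,1))=68--+ HTTP/1.1",
    "GET /search?q=information_schema+tutorial HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(sorted(classify(line)), line[:48])
```

The last sample shows why the metadata rule requires a table name after information_schema: a plain search for the word is not flagged.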

GROUP BY statement

The GROUP BY statement is used together with aggregate functions to group the result set by one or more columns: http://www.w3school.com.cn/sql/sql_groupby.asp

FLOOR(x)

Returns the largest integer less than or equal to x.

SELECT FLOOR(1.5); -- returns 1

RAND([seed])

Returns a pseudo-random float value between 0 and 1 (excluding 0 and 1).

seed

An integer expression (tinyint, smallint or int) that provides the seed value. If seed is not specified, the SQL Server database engine assigns a seed value at random. For a given seed value, the returned result is always the same.

Return type

float

SQL SELECT DISTINCT statement

A table may contain duplicate values. That is not a problem, but sometimes you may want to list only the different (distinct) values.

The DISTINCT keyword is used to return only different values.
