Shulou(Shulou.com)05/31 Report--

This article mainly introduces "how to inject variables into MySQL". In daily operation, I believe many people have doubts about how to inject variables into MySQL. The editor consulted all kinds of data and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the doubts about "how to inject variables into MySQL". Next, please follow the editor to study!

Version () can be written as @ @ version to read version as a variable, which can also be obtained, other built-in can not be written in the form of variables.

Everyone should have used the injection site that uses pangolin to inject into the mysql library, and serious friends should know that they can get the information of basedir and datadir. In fact, there are more variables that can be used during injection.

I've compiled a few that can be used during injection to collect more configuration information about mysql.

@ @ have_openssl YES if mysqld supports SSL (encryption) of the client / server protocol

@ @ version_compile_os determines the type of system

The maximum size of the @ @ max_allowed_packet package or any generated / intermediate string

@ @ max_user_connectionsMySQL account allows the maximum number of simultaneous connections. 0 means there is no limit.

@ @ skip_networking if the server only allows local (non-TCP/IP) connections, the value is ON

@ @ table_type default table type (storage engine)

@ @ basedirMySQL installation base directory

@ @ character_set_database the character set used by the default database

@ @ where the datadir database is stored

@ @ expire_logs_ days binary logs are automatically deleted. The default is 0, which means "no automatic deletion".

@ @ group_concat_max_len allows the maximum length of the result of the group_concat () function

@ @ location of the log_error error log

@ @ lower_case_file_system this variable indicates whether the file system where the data directory resides is case-sensitive.

ON indicates that it is not sensitive to the case of file names, while OFF indicates sensitivity.

@ @ lower_case_table_names if set to 1, the table name is saved to the hard disk in lowercase, and the table name comparison is not case-sensitive.

How does MySQL inject utilized variables?

If set to 2, save the table name as specified, but compare it in lowercase

@ @ the path to the plug-in directory of plugin_dir

@ @ tmpdir directory where temporary files and tables are saved

@ @ tmp_table_size if the temporary table in memory exceeds this value, MySQL automatically converts it to a MyISAM table on the hard disk

@ @ sql_mode the sql mode of the current server

@ @ tx_isolation default transaction isolation level. The default value is REPEATABLE-READ

@ @ the number of times Connections connects to the mysql database server (regardless of success or failure)

@ @ max_write_lock_count maximum number of write locks

@ @ old_passwords whether mysql323 encryption is enabled (that is, the hash of the mysql user password is 16 bits)

@ @ time that the Uptime server has been running

Among them, I feel that the four variables basedir/version_compile_os/log_error/group_concat_max_len play a great role. Look at the gaze above.

The variable group_concat_max_len refers to the return character length of group_concat (), so pay attention to the length limit when using group_concat () to inject.

The use of the tips:group_concat () function is as follows

Urland1=2unionselect1,group_concat (schema_name), 3. 4 frominformationschema.schemata

In this way, all the database names of the current users can be displayed, and the injection table name, field name and field properties can be used, which saves a lot of physical work.

At the same time, group_concat () can also bypass the reality that you cannot use limit, and of course, if you are not tired, you can use the form of "! =" to bypass the limitations of limit.

At this point, the study of "how to inject the utilized variables into MySQL" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.