sql injection "union select null"


Problem description

hello

UNION SELECT NULL, NULL,
NULL, NULL, NULL, NULL, NULL FROM INFORMATION_SCHEMA.TABLES

for a small database containing three tables

this instruction is used in sql injection I tried it and it worked
but I didn't really know how it works
can somebody help me
thanks all

Recommended answer

Did you google it? It simply collects null values (row-wise) combining the tables of a database. See more..
http://www.evilsql.com/main/page3.php


Ridoy pointed to a page showing an example of such an attack. But the example could be a little cryptic for someone who does not understand the background.
The hacker starts with adding a "UNION SELECT ALL 1--". When you do a UNION query, both SELECT statements of the query must have the same number of columns.
That is, the hacker expects a query like
SELECT some columns
FROM ATable
WHERE AColumn=



and then the value from the query string is just appended. Hence that would result in

SELECT some columns
FROM ATable
WHERE AColumn=1 UNION SELECT ALL 1--




The query causes the error message you show in your comment to Ridoy's answer when the original query selects more than one column. Then the hacker adds more "columns" to his UNION statement, until no error is shown: then he knows the number of columns selected.
You may test your SQL injection skills with a page discussed in the Hall of Shame: Alcatraz ~ the tourist website. They seem to have many columns, so the SQL error attack shown on another page of Evil SQL is more productive.
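
The column-count rule described in the answer above, as an added example that is not part of the original thread: it runs the concatenated query against an in-memory SQLite database next to the parameterized form that stops the UNION from being parsed at all. The columns Name and Price, the sample rows and the function names are constructed for illustration; SQLite checks only the number of columns, so the type-compatibility reason for using NULL on stricter databases is not shown here.

```python
import sqlite3

def make_db():
    """Constructed sample data: ATable with three columns (names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ATable (AColumn INTEGER, Name TEXT, Price REAL)")
    db.executemany("INSERT INTO ATable VALUES (?, ?, ?)",
                   [(1, "tour", 9.5), (2, "ferry", 4.0)])
    return db

def vulnerable_lookup(db, value):
    """Pattern from the answer: the request value is appended to the SQL text."""
    sql = "SELECT AColumn, Name, Price FROM ATable WHERE AColumn=" + value
    return db.execute(sql).fetchall()

def safe_lookup(db, value):
    """Hardened form: the value is bound as a parameter, never parsed as SQL."""
    sql = "SELECT AColumn, Name, Price FROM ATable WHERE AColumn=?"
    return db.execute(sql, (value,)).fetchall()

def union_outcome(db, n_nulls):
    """What the concatenated query does with a UNION arm of n_nulls NULLs."""
    value = "1 UNION SELECT " + ", ".join(["NULL"] * n_nulls) + "--"
    try:
        return ("rows", vulnerable_lookup(db, value))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for n in range(1, 5):
        # Only n == 3 matches the three selected columns and returns rows.
        print(n, union_outcome(db, n))
    # Bound as a value, the same text matches no row.
    print(safe_lookup(db, "1 UNION SELECT NULL, NULL, NULL--"))
```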

