Javaµ÷Óô洢¹ý³Ì(MySqlÊý¾Ý¿â)
Ò»¡¢½¨±í
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
`ID` int(11) NOT NULL auto_increment,
`NAME` varchar(16) NOT NULL default '',
`REMARK` varchar(16) NOT NULL default '',
PRIMARY KEY (`ID`)
) ENGINE=InnoDB AUTO_INCREMENT=24 DEFAULT CHARSET=utf8;
¶þ¡¢½¨Á¢´æ´¢¹ý³Ì
1¡¢»ñÈ¡Óû§ÐÅÏ¢
CREATE DEFINER=`root`@`localhost` PROCEDURE `getUserList`()
BEGIN
select * from user;
END;
2¡¢Í¨¹ý´«Èë²ÎÊý´´½¨Óû§
CREATE DEFINER=`root`@`localhost` PROCEDURE `insertUser`(nameVar varchar(16),remarkVar varchar(16))
BEGIN
insert into user(name,remark) values(nameVar,remarkVar);
END;
Èý¡¢µ÷ÓÃ
1¡¢»ñÈ¡Óû§ÐÅÏ¢
Class.forName("org.gjt.mm.mysql.Driver").newInstance();
String url ="jdbc:mysql://localhost/temp?user=root&password=root";
Connection conn = DriverManager.getConnection(url);
String proc = "call getUserList()";
CallableStatement cs = conn.prepareCall(proc);
rs = cs.executeQuery();
while(rs.next()){
System.out.println(rs.getString(2)+" "+rs.getString(3));
}
2¡¢Í¨¹ý´«Èë²ÎÊý´´½¨Óû§
Connection conn = DriverManager.getConnection(url);
String proc = "call insertUser(?,?)";
CallableStatement cs = conn.prepareCall(proc);
cs.setString(1, "LINRZ");
cs.setString(2, "REMARK");
cs.execute();
Ïà¹ØÎĵµ£º
#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <mysql.h>
#pragma comment(lib,"libmysql")
int _tmain(int argc, _TCHAR* argv[])
{
MYSQL* mysql;
MYSQL_RES* results;
MYSQL_ROW record;
mysql = mysql_init(NULL);
if(! ......
mysql 5.0´æ´¢¹ý³Ìѧϰ×ܽá
Ò».´´½¨´æ´¢¹ý³Ì
1.»ù±¾Óï·¨£º
create procedure sp_name()
begin
………
end
2.²ÎÊý´«µÝ
¶þ.µ÷Óô洢¹ý³Ì
1.»ù±¾Óï·¨£ºcall sp_name()
×¢Ò⣺´æ´¢¹ý³ÌÃû³ÆºóÃæ±ØÐë¼ÓÀ¨ºÅ£¬ÄÄŸô洢¹ý³ÌûÓвÎÊý´«µÝ
Èý.ɾ³ý´æ´¢¹ý³Ì
1.»ù±¾Óï·¨£º
drop procedure sp_name// ......
mysqlÉèÖÃÃÜÂëºÍÐÞ¸ÄÃÜÂ룺
/usr/local/mysql/bin/mysqladmin -uroot password 123456 µÚÒ»´ÎÉèÃÜÂë¡£
mysqladmin -uroot -p password mypasswd ÐÞ¸ÄÃÜÂë
ÊäÈëÕâ¸öÃüÁîºó£¬ÐèÒªÊäÈërootµÄÔÃÜÂ룬ȻºórootµÄÃÜÂ뽫¸ÄΪmypasswd¡£
¾ÍÊÇmysql5µ¼³öµÄÓÐdefault-charactµÄÉèÖã¬mysql4²»Ö§³Ö£¬ÐèÒª¼Óskip-opt²ÎÊý£¬È磺
my ......
by ZaraByte
How to do a SQL Injection for MYSQL Server 5.0+
1. Find a vulnerable add a ‘ at the end of the site example: news.php?id=1 add a ‘ at the end of the 1 and see if you get a syntax error
2. order by #–
Keep upping the # until you get an error.
3. union all select 1 ......
Èç¹ûÄãÊǸöÈü³µÊÖ²¢ÇÒ°´Ò»Ï°´Å¥¾ÍÄܹ»Á¢¼´¸ü»»ÒýÇæ¶ø²»ÐèÒª°Ñ³µ¿ªµ½³µ¿âÀïÈ¥»»£¬ÄÇ»áÊÇÔõô¸Ð¾õÄØ£¿MySQLÊý¾Ý¿âΪ¿ª·¢ÈËÔ±Ëù×öµÄ¾ÍºÃÏñÊÇ°´°´Å¥»»ÒýÇ棻ËüÈÃÄãÑ¡ÔñÊý¾Ý¿âÒýÇ棬²¢¸øÄãÒ»Ìõ¼òµ¥µÄ;¾¶À´Çл»Ëü¡£
MySQL µÄ×Ô´øÒýÇæ¿Ï¶¨Êǹ»ÓÃÁË£¬µ«ÊÇÔÚÓÐЩÇé¿öÏ£¬ÆäËûµÄÒýÇæ¿ÉÄÜÒª±ÈÊÖÍ·ËùÓøüÊʺÏÍê³ÉÈÎÎñ¡£Èç¹ûÔ¸Ò ......
