perlÒ»¸ö¼òµ¥mysql²Ù×÷µÄС³ÌÐò
#!/usr/bin/perl
use Mysql;
print "Content-type:
text/html \n\n";
# MySQL
ÅäÖñäÁ¿
$host = "localhost";
$database
= "testdb";
$tablename = "testtable";
$user = "username";
$pw =
"password";
# PERL MYSQL CONNECT()
$connect = Mysql->connect($host,
$database, $user, $pw);
# SELECT
DB
$connect->selectdb($database);
# ¶¨ÒåMySQL²éѯ
$myquery = "INSERT
INTO
$tablename (id, product, quantity)
VALUES
(DEFAULT,'pineapples','15')";
# Ö´Ðвéѯ
$execute =
$connect->query($myquery);
# Ó°ÏìÐÐ
$affectedrows =
$execute->affectedrows($myquery);
# ×îºóÒ»¸öInsertµÄID
$lastid =
$execute->insertid($myquery);
print $affectedrows."<br
/>";
print $lastid."<br />";
Ïà¹ØÎĵµ£º
by ZaraByte
How to do a SQL Injection for MYSQL Server 5.0+
1. Find a vulnerable add a ‘ at the end of the site example: news.php?id=1 add a ‘ at the end of the 1 and see if you get a syntax error
2. order by #–
Keep upping the # until you get an error.
3. union all select 1 ......
Èç¹ûÄãÊǸöÈü³µÊÖ²¢ÇÒ°´Ò»Ï°´Å¥¾ÍÄܹ»Á¢¼´¸ü»»ÒýÇæ¶ø²»ÐèÒª°Ñ³µ¿ªµ½³µ¿âÀïÈ¥»»£¬ÄÇ»áÊÇÔõô¸Ð¾õÄØ£¿MySQLÊý¾Ý¿âΪ¿ª·¢ÈËÔ±Ëù×öµÄ¾ÍºÃÏñÊÇ°´°´Å¥»»ÒýÇ棻ËüÈÃÄãÑ¡ÔñÊý¾Ý¿âÒýÇ棬²¢¸øÄãÒ»Ìõ¼òµ¥µÄ;¾¶À´Çл»Ëü¡£
MySQL µÄ×Ô´øÒýÇæ¿Ï¶¨Êǹ»ÓÃÁË£¬µ«ÊÇÔÚÓÐЩÇé¿öÏ£¬ÆäËûµÄÒýÇæ¿ÉÄÜÒª±ÈÊÖÍ·ËùÓøüÊʺÏÍê³ÉÈÎÎñ¡£Èç¹ûÔ¸Ò ......
MSSQL:select Right(sys.fn_VarBinToHexStr(hashbytes('MD5', '123456')),32)
MSSQL16λ:select Right(sys.fn_VarBinToHexStr(hashbytes('MD5', '123456')),16)
MySQL:select md5('123456')
.NET:string ½á¹û×Ö·û´®=System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFil ......
Ò»¡¢½¨±í
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
`ID` int(11) NOT NULL auto_increment,
`NAME` varchar(16) NOT NULL default '',
`REMARK` varchar(16) NOT NULL default '',
PRIMARY KEY (`ID`)
) ENGINE=InnoDB AUTO_INCREMENT=24 DEFAULT CHARSET=utf8;
&nb ......
