0x00 information_schema
这个表(视图)是在MySQL5以后的才有的,现在MySQL4应该是很少了,所以都围绕着MySQL5来讲解,information_schema是用于存储数据库元数据的表,它保存了数据库名,表名,列名等信息,让我们从爆破表名到了可以直接查询。mysql> show tables; +———————————————————-+ | Tables_in_information_schema | +———————————————————-+ | CHARACTER_SETS | | COLLATIONS | | COLLATION_CHARACTER_SET_APPLICABILITY | | COLUMNS | | COLUMN_PRIVILEGES | | ENGINES | | EVENTS | | FILES | | GLOBAL_STATUS | | GLOBAL_VARIABLES | | KEY_COLUMN_USAGE | | OPTIMIZER_TRACE | | PARAMETERS | | PARTITIONS | | PLUGINS | | PROCESSLIST | | PROFILING | | REFERENTIAL_CONSTRAINTS | | ROUTINES | | SCHEMATA | | SCHEMA_PRIVILEGES | | SESSION_STATUS | | SESSION_VARIABLES | | STATISTICS | | TABLES | | TABLESPACES | | TABLE_CONSTRAINTS | | TABLE_PRIVILEGES | | TRIGGERS | | USER_PRIVILEGES | | VIEWS | | INNODB_LOCKS | | INNODB_TRX | | INNODB_SYS_DATAFILES | | INNODB_LOCK_WAITS | | INNODB_SYS_TABLESTATS | | INNODB_CMP | | INNODB_METRICS | | INNODB_CMP_RESET | | INNODB_CMP_PER_INDEX | | INNODB_CMPMEM_RESET | | INNODB_FT_DELETED | | INNODB_BUFFER_PAGE_LRU | | INNODB_SYS_FOREIGN | | INNODB_SYS_COLUMNS | | INNODB_SYS_INDEXES | | INNODB_FT_DEFAULT_STOPWORD | | INNODB_SYS_FIELDS | | INNODB_CMP_PER_INDEX_RESET | | INNODB_BUFFER_PAGE | | INNODB_CMPMEM | | INNODB_FT_INDEX_TABLE | | INNODB_FT_BEING_DELETED | | INNODB_SYS_TABLESPACES | | INNODB_FT_INDEX_CACHE | | INNODB_SYS_FOREIGN_COLS | | INNODB_SYS_TABLES | | INNODB_BUFFER_POOL_STATS | | INNODB_FT_CONFIG | +———————————————————-+ 59 rows in set (0.00 sec)我们经常用到的几个表
- SCHEMATA表 : 提供了当前mysql实例中所有数据库的信息。
- TABLES 表 : 提供了关于数据库中的表的信息。
- COLUMNS 表 :提供了表中的列信息
SCHEMATA:mysql> select from information_schema.schemata;
+———————+——————————+——————————————+————————————+—————+
| CATALOG_NAME | SCHEMA_NAME | DEFAULT_CHARACTER_SET_NAME | DEFAULT_COLLATION_NAME | SQL_PATH |
+———————+——————————+——————————————+————————————+—————+
| def | information_schema | utf8 | utf8_general_ci | NULL |
| def | mysql | latin1 | latin1_swedish_ci | NULL |
| def | mysqltest | latin1 | latin1_swedish_ci | NULL |
| def | performance_schema | utf8 | utf8_general_ci | NULL |
+———————+——————————+——————————————+————————————+—————+
4 rows in set (0.00 sec)TABLES:mysql> select table_name from information_schema.tables where table_schema=0x6D7973716C74657374; //注意这里不用引号就要把数据库名转为16进制
+——————+
| table_name |
+——————+
| admin |
+——————+
1 row in set (0.00 sec)COLUMNS:mysql> select column_name from information_schema.columns where table_name=0x61646D696E;
+——————-+ | column_name | +——————-+ | id | | username | | password | +——————-+ 3 rows in set (0.00 sec)我们前面说过information_schema储存的是所有数据库的信息,假如我的数据库 mysqltest1 mysqltest2 都存在admin表的话 它都会显示出来mysql> select column_name from information_schema.columns where table_name=0x61646D696E; +——————-+ | column_name | +——————-+ | id | | username | | password | | id | | user | | pass | +——————-+ 6 rows in set (0.00 sec)所以要指定数据库mysql> select column_name from information_schema.columns where table_name=0x61646D696E and table_schema=0x6D7973716C74657374; +——————-+ | column_name | +——————-+ | id | | username | | password | +——————-+ 3 rows in set (0.00 sec)# 0x01 MySQL user 表保存的用户密码 和host等等信息 mysql> select user,password from user; +—————————+—————————————————————-+ | user | password | +—————————+—————————————————————-+ | root | 81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | | root | 81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | | root | 81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | | root | 81F5E21E35407D884A6CD4A731AEBFB6AF209E1B | | debian-sys-maint | 764E40048679D21BBB07CB8DDD18465359DAB4CA | +—————————+—————————————————————-+ 5 rows in set (0.00 sec)# 0x02 文末本文如有错误,请及时提醒,避免误导他人
- author:404