Penetration MySQL injection common functions

Time:2021-9-16
Function name Function function Function name Function function
system_user() System name concat() Connection without separator
user() user name concat_ws() Connection string with separator
current_user() Current user name group_concat() Connect all strings of a group and separate each piece of data with a comma
session_user() User name of the linked database load_file() Read local file
database() Database name into outfile Write file
version()@@version Database version ascii() ASCII code value of the string
@@datadir Database path ord() Returns the ASCII value of the first character of a string
@@basedir Database installation path Mid (‘string ‘, starting position, length) Returns part of a string
@@version_compile_os operating system Substr (‘string ‘, starting position, length) Returns part of a string
count() Returns the number of executions length() Returns the length of the string
Left (‘string ‘, number) Returns the leftmost characters of a string sleep() Let this statement run for N seconds, select sleep (3)
Floor (parameter – can be decimal) Returns the largest integer less than or equal to X if() ->Select if (1 > 2,2,3), if true, return the second parameter; otherwise, return the third parameter;
-> 3
rand() Returns a random number from 0 to 1 char() Returns a string of integer ASCII code characters
->select char(97)
->a
extractvalue() The first parameter: XML document is in string format, which is the name of the XML document object and DOC in the text
Second parameter: XPath string (string in XPath format)
Function: returns the string containing the query from the target XML
STRCMP() Compare string contents
updatexml() The first parameter: XML document is in string format, which is the name of the XML document object and DOC in the text
Second parameter: XPath string (string in XPath format)
The third parameter: New_ Value, string format, replace the found qualified data
Function: change the value of qualified nodes in the document
IFNULL() If parameter 1 is not null, parameter 1 is returned, otherwise the return value is parameter 2
->select ifnull(null,2)
->2
exp() Returns the x power of E REGEXP Regular matching
select user from mysql.user where user REGEXP ‘^admin’;
Match the field with user starting with admin

—Unfinished, to be added—

Recommended Today

Supervisor

Supervisor [note] Supervisor – H view supervisor command help Supervisorctl – H view supervisorctl command help Supervisorctl help view the action command of supervisorctl Supervisorctl help any action to view the use of this action 1. Introduction Supervisor is a process control system. Generally speaking, it can monitor your process. If the process exits abnormally, […]