WebSafe

1-2-4_SQL

SQL

数据库操作

1
2
3
4
create database "websafe";
show databasee;
use websafe;
drop database websafe;

数据表操作

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
create table `teacher`(
`id` int(4) not null primary key auto_increment,
`name` varchar(30) not null,
`sex` char(10) not null,
`addr` char(50) not null default ''
)Engine=InnoDB charset="utf8";

show tables;
desc teacher;

INSERT INTO  `teacher`(name,sex,addr) VALUES ('miki','female','FuJian'),('Json','Male','Guangzhou');
SELECT * from `teacher`;
UPDATE `teacher`  SET name="Lucy" WHERE id=1;
DELECT FROM TABLE `teacher` WHERE id=1;
DROP TABLE `teacher`;

where

1
2
# select 所需信息 from 数据表(或多个) where 条件判断
select name from teacher where addr="Fujian" and sex="Female"

order by

1
2
3
# select 所需信息 from 数据表(或多个)order by 字段 ASC/DESC 
select * from teacher order by name;
select * from teacher order by 2;    #根据第二列排序

Tips: 可以用order by数字来判断数据表的字段长度,经常用于SQL的注射漏洞

union

  • union 不显示重复数据
    -union all 显示重复数据
    1
    2
    3
    4
    5
    # select 所需信息 from1 union select 所需信息 from2
    select * from teacher ;
    select * from student ;
    # 合并student 和teacher表并显示姓名列,注意不显示重复数据!!
    select name from teacher union select name from student;

注释

1
2
3
# ... 本行注释内容
-- ...双横杆加空格注释当前行
/* ...注释当前包裹内容,可多行 */

Tip: 在sql注射时候绕过注入

案例:

1
2
3
4
5
# 导入student表格,从teacher和student表中找出全部男性的name,并按字母排序
source  ~/Desktop/student.sql
表elect name from teacher union all select name from student order by 1;
# 导出数据
/usr/local/mysql/bin/mysqldump -uroot  -proot websafe > ~/Desktop/a.sql

SQL注射常用的内置函数

1
2
3
4
5
database()   #打印当前数据库名称 select database();
current_user #打印当前用户
load_file()  #返回文件的内容  select load_file("/usr/local/nginx/conf/vhost/abc.conf");
version()    # 获取数据库版本
into+outfile #写入文件

另外找下其他数据库注射的函数