#### 1. Relational operators

- Equal to: `Select * from users where id=10;`
- Less than: `Select * from users where id<10;`
- Less than or equal to: `Select * from users where id<=10;`
- Greater than: `Select * from users where id>10;`
- Greater than or equal to: `Select * from users where id>=10;`
- Not equal to: `Select * from users where id<>10;`

#### 2. Relational operators

- between: `Select * from users where id between 1 and 5;`
- in: `Select * from users where id in(1,2,3);`
- Not in: `Select * from users where id not in(1,2,3);`
- Is null: `Select * from users where id is null;`
- Is not null: `Select * from users where id is not null;`
- like: `Select * from users where uname like 'huang%';`

#### 3. Blind injection guessing with relational operators

`$sql="select * from users where uname='$uname'"`

Normal parameter: `uname=admin`. Resulting query: `select * from users where uname='admin'`

Example of blind injection guessing against a web page. Injected parameter: `uname=admin' and uname>'a' and uname<'d`. Resulting query: `select * from users where uname='admin' and uname>'a' and uname<'d'`

Testing the character length of the current account: `select * from users where uname='admin' and length(user())>0`
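
The following is an added example, not code from the original page: it runs the page's injected parameter through the same string-concatenation pattern as `$sql` and through a bound placeholder, to show why binding closes the hole. It assumes SQLite (Python's `sqlite3`) in place of the page's PHP/MySQL setup; the table rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample table standing in for the page's `users` table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, uname TEXT)")
    db.executemany("INSERT INTO users (uname) VALUES (?)",
                   [("admin",), ("huang01",)])
    return db

def lookup_concatenated(db, uname):
    # Same pattern as the page's $sql: the input is pasted into the SQL text,
    # so a quote inside it ends the string literal and the rest is parsed as SQL.
    sql = "select * from users where uname='" + uname + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, uname):
    # Placeholder binding: the input is always compared as one string value
    # and never becomes part of the query structure.
    return db.execute("select * from users where uname=?", (uname,)).fetchall()

# The injected parameter shown on the page.
PAYLOAD = "admin' and uname>'a' and uname<'d"

if __name__ == "__main__":
    db = make_db()
    for name in ("admin", PAYLOAD):
        print(repr(name))
        print("  concatenated:", lookup_concatenated(db, name))
        print("  bound:       ", lookup_bound(db, name))
```

With the concatenated query the injected comparisons are evaluated and the `admin` row comes back; with the bound query the whole input is treated as a user name that does not exist, so no row is returned.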