Penetration_Testing_POC/books/记一次基于Union的sqlmap自定义payload.html

<!DOCTYPE html> <html style><!--
 Page saved with SingleFile 
 url: https://forum.butian.net/share/3708 
--><meta charset=utf-8>
<meta http-equiv=X-UA-Compatible content="IE=edge">
<meta name=viewport content="width=device-width, initial-scale=1">
<meta name=csrf-token content=hv4G4JoJh8iT2bkEDuman72c3kcwUn4z7xUbH6hd>
<title>记一次基于Union的sqlmap自定义payload</title>
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
<meta name=description content=奇安信攻防社区-记一次基于Union的sqlmap自定义payload>
<meta name=author content="QIANXIN Team">
<meta name=copyright content="2021 QIANXIN.com">
<style>@media (max-width:767px){}</style>
<style>/*!
 * Bootstrap v3.4.1 (https://getbootstrap.com/)
 * Copyright 2011-2019 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}footer,nav{display:block}template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}img{border:0}button,input,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button{text-transform:none}button{-webkit-appearance:button}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" ("attr(href)")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre{border:1px solid #999;page-break-inside:avoid}img{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}}@font-face{font-family:"Glyphicons Halflings";src:/* original URL: https://forum.butian.net/static/css/bootstrap/fonts/glyphicons-halflings-regular.woff2 */url(data:font/woff2;base64,d09GMgABAAAAAEZsAA8AAAAAsVwAAEYJAAECTQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACMcggEEQgKgqkkgeVlATYCJAOGdAuEMAAEIAWHIgeVUT93ZWJmBhtljDXsmI+A80Cgwj/+vggK2vaIIBusdPb/n5SghozBk8fY3CwzKw8ycQ3LRhauWU8b7AQmPrHpsWLSbaQ1gVqO5kgksapZihmcvXvsSAlqZIYL1YkM/LIl97nZp395IqcEA/f21yuNQLmMXb2rZZ/7e/rS+3aQoE5jiykOu275k8k/fj/okKRo8gD/nl/nJmkfxsrIHdGdBcGkiz+6PvzlXksg+3a0LRtj240x7fSAEokyS6Dhebf1LCdu5KvgAAco8DNFd2ngQgUXgqAmqf8L6c5UtGxo2DBNGtLY2tKGZOVZ2HLx77Kss250ad5d3Xl1cpW0vK77me4TVlhzag6hop7lZ01uGarTmUiBV5Wpw9QIIHIy9D5pVGBWN7jNUiixqMnPGuD/K6BvNvMnY8XIQrCP5gbrNOe31s653X+Hg4vjv5quVAldYVtRZDwzd3E4LI6F7nJUSRahOOESHI4wPkW4P/kqRajnl6aVI8/6NyeN7N39hlMJDAtvY/vKt+1fizcmIyrRKym9s6DQKzRhAbBBNrZjjOd5sdmjhmYoYhlG6ebk/+m0JDt7IFlBwzF2UC10R/j/jOHAsRXNIvuwldsBQ8JmLSBXgveuAprUmc51S9awSwjjI63tDuSs1ipLhjzb/AQgKNHf69T31/9a/mDZqwzltVuXJepZBVSKrHslr8mKJIitEKBze2/v7RmcF/KIgxjVu+92dCJw4Jw0YMjq36mKz6R9bwxg47PdFPonbhRl3D4K5EceNXMAevNfTvMKklBL06Z2bVXeC8m+e3q93PLu8/+fGfh/+IyHIjNgbA2SHAOWVyPUkL1eGEArjSwHY7nJa2+pjUFPG3AVbnW1p9R685Z6Sin13M6lHveY2zHHfeHh/0893n+ttoB4vlLGxGDBSolgp3GDFaWCVXMvvyv4a9J2xzF4bBrd3+dqEmwFlkVs7FxuRIzIw8a2r1aGseb/0Gpnm3taZOWJCHo3jwsUNf/fIQR4bcI1b8JbBxy9v3Xv+ya3rzHagkgQQmtB4uwIcXLqzlKQxA2jt7AWjyhcZ2j0EBTIN4ns0op5jz2GSLVa81VQaOnQJDgQUmfTBcQYgHrCZ82tyU46i+AAMXWsJNyFr6Shnj5S/V3l+hSXDqasIp/0Zje8lwv1S69efyeYquu9M5MrRS+8xF6JWVU1XahOQhcu3sqLpdI438Urzs2POI/5LHyJe018jEGKEeV1YXzQYYiSf+yO1d7LhdWdJQAKf2xLR6JQ7SwXTnUU5tzUa/5j7zhtWEDa02T/F8yYP3/x/NrzoudZ0ybP/nvq9pT4s8fPDj/bUNworhRHil22v8/G5K/kT+SP5Lfk1+SX5AZyLbmSXExGyQg5lywmp5N55DhyrPu0+zP3H9yfuD9wv+8+6n7b/br7FXPo5P8Fi54S0BCi00THCKR68zH6oT8SXFU1FnE9rdl00XrUkg6GJlqQbmqiJeltTbQifbyJ1nRr3kQbundooi09/22iHb1CE+3p9Tc28fSugyY60rvJcXQiC9YxOpMVrOvQlaypdTv0IktfoS9KZNZjMJZssvUcMB2yxSdeAxZCtvk4VkO21XpnsAayvawPBlsgO8r6ZOwK2VnWF2J/yIN1HQ6HvKl1O5xAnip9AQZ5iXwMLqmsJ0M+E1xnPRvyOeBW68WQrwG3W2+GfGfwoPVekB8MnrY+ivxkvAo5rc/H++QX7tjF+JQKKkV8QaUOj+MbKk2tW+NbKm1P3A7fUel6HD9Q6W7dGz9SKVmPwW9UJlvPAVUqi5U1EMBT2QxNQgv+7AShpfBbsxMKrYTfb1lEaK0Y1Xvs0Sx9MTxmjSYCNmikGIYnj4F/B8qlVSNWqAjeEa28H6GlRftEfyJUwaXeqdAGokFEOYP/ZUK5OqkHBhXEJQ8CT5zBINLQBBPxgofYRhJ1im4gFjc/JVIDRzQihLhmqWfHwUbquoEgDmE9gpEts9VRl+G9eStCvSzE+NAyw8sT1oU1opWH8JmEjHhuoQUVzqoEZiohobPm62zifEdYUfgg3oNVcJTkCsVFdSDCQJ4Bj6blLfCABB9Eby42WVr2gi0mYT5mEj+bAKuTTo9OnKIJXdRPL147XNoOwkrKDc9CBsdFc0pyGQSqkBkBoMSa9cYPFCfyhWcSL+Pj0UIXJZ+hHm8gH0P16rpulTeL3DoFfPV5g0t0sib3JKfYc698ufV3UIj5xFxpXb4kWhJAKwHNDLa21YA5MHhdu3K4rSW+yNUr9gdSVaxFbYcrFtywqqM7d6B1rMA5L0m8BdQ3yDfVprlR/mx1XKZ50A5XixBOKes4idywdlnuKnW0bQKUobG/6eKp4gS6bSgJZgbKRb3y/0c4sgyiaiNJrL1SjswX+XoMI3G437ffAQYJhClZoNckiwvh0JuGY18lv20teyEwLWALO+HlhazxFGh5VvXkwV1IdiEJzx90HGG9XEvvxRAeBqVbzDF7GgMi52ogNkDsljNUMCWlE78P6c6YIsfUmcZaSYZH5AabU5P3jYIusxHEzqNwB4HG06xTxjFl6fvZk8TYm535DFnBHv92uzgaCGSxXLFCoRdsoVP7/lIpBtIT04bn+a+WroALewJJitOG9NIlnZSvPvsw0I7aprNc8CeUY2e9MiU0oFGORKEKMM2SM0KyIslNjtWOJoDbimhJFcfC2qfSUmcQt01FpKGpobaaDUm9zigHqd7VNVWWRF0MffIdmQdi7Tgkl4fsOKg+8+FYIAGyB2
<style>/*!
 *  Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
 *  License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
 */@font-face{font-family:"FontAwesome";src:/* original URL: https://forum.butian.net/static/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 */url(data:font/woff2;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0OAAQBywAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACFchEIComZKIe2WAE2AiQDlXALlhAABCAFiQYHtHVbUglyR2H3kYQqug2BJ+096zq1GibTzT1ytyoKAhnlGvH2XQR0B9xFqm6jsv/////kpDFG2w7cQODV9Pt8rYoUCGaTbZJgmyTYkaFAZFtCUREkKFtVPCsorbhAUNA1HuRggbAO2j72UBAaO+EokdExs/1s2/5o1Kiiwimf3Fl5lPJKaenrF62Fznwl24G3XqwUR4KiM7gSbp6V6LraldwKxM2QRIqecFxZciCUTN9Q9A6NG4N0pSnLEZjvE6c2UsJeIlMLTH7xWVLXQ1hSFQmKNIGO5kb6eVxbv+g3bqHirnwdc+C7jHEeo027jiVLyf8XLtu6DiwL+oT3+EzQdP8n9hCQyU0dLBEVY/eIK2L6xNeH50/9c/le2CSFhtd6Lgf1bcWgDPxoJmdi3vDhdu2H8wEOySeKDzajOrC7w/Nz622jYowx2KhtMCLHghqwvypWjKiNHqNjoyQsMEFUUFS0MRID+/SsPAvtO+3z0mAQ5rYn8UgOP/Fzzqk6kQ9ORJ+o/KkQSRGkJIwEVBSLW4GCYjSKEc38f+rs7yyvzrzX772jYmw2kboLSUzpaX3bjCbgNOOUbSwnyxbL8yO916Wzf1J3AaJidcC2LEuWC8YGm+J2iwPbCG1fLcDA5lxIi537jkhI/qrzk+oHxsI/mJbTbfMLOVCIrdgpOedKqIYkxr2InOex9Dj46Mfazs5+uTvEchWNbr89JBEatR+UTmRkbhshJ66m8OM7s/SsOJm8J9lOpu0eIX8tGAZKGcq20y7g2PqR7livPQwsEgQOkJseImA6GKL/Gw8JCSB7je+e3OC8EstLISefAKEtRkiUnAmJIyR+m1pfhLmdEBK1A041VlU4RsivHKKOJRRQ1Pvdq9rb+wYIDIZDcAgCJARRGaK0u9oQnXKs7KLKvZvuumu7a9obpzPZtxPROlIRJR4QtoEye/SH3qn1kh1oJbspOMkR9gD48QEPGApJTEuQNnb0I+37s+7+Biw70KY2h6BOmjLOaHa3Dw4I/u9/zf7rDE9Pkad0IxaFBuJ4VInvqkJmAp2ehHFeFiOcrp+WP3v+NWKKSeLgJS1XWpDruWKkQaMTDF7kMc3ZbjUZ+a7pitemTlGdWSf65t3NEpYE/JFTBNwYH6YhdCIgBmBiM+n3JZMH9O8zNbsCFNFmdjurndXObM6s7jmcOmpnZj9ncpv1cP94nyCAD3wS/CAkCCBlEpQcEpRaFCjFFCR3KFpyU5DodiubWtkcz9Zx9k2i7B6b7s3q3ZltPyZzW/bldJlTklNqjqc5nK/j9z+tfNrqDfHwxT5HDswGLBBiRNW3Xqn0ql6px90bOmyKM469TkGaYKs1C5wyNrMBTPlwU/IJQd+nL1XrCsLWmLS8s7QnOVy0p9WGdLiFEK8h3/b2+rca/RuBbAAGhSBQTVK0mpA5boAKzWAVEhMoyhBA0iBIeSlN0mRNyg2QHDXp1KQTSCfSkZoc8m1TPPro23Ema7wpXM97O+4xxcNt+QebONt74YvVWIQx3S0zx5qQkSmCQiiEkSz7JfWTELC2to0ExAsFBd3923efb36+mHTt8EhXOGyQ1FoRCXKk47//PWWzGuzfMSvmBwUvyY4xVz/WsHLuEg44OVBMxtIBPnVvOSDFGDEgdMOYq8N1Y6edke7EQLP5XUsUEFLvf2JO/7uSdvuTtNQaqqgouCKKg3nrvbt7HAxjrv+P5vNzY3qmGSaucDWn5QShLGqzbiCia07EIYMug25e9/hVdR8AQHz8GD92tT73B7kdudwckXIYVWHcSFIgCxqPEPq51/jVkQCT80kNRInfy4tRv71+cOkKgNyNOzu4bvn5jUwYFyShdPkJOgloRkNZoe3eVE+gRk4dTn59F/ExImCzqPyf2GHPB8sozT9IIBGXlocfxFyWzeV1yjATTNS19fEnte26vb7NlFBibm1Pv5jrtt39jb8CGEpsiz8CAQie5XOr5wWIMCwOOIx4yULy+va+QhnH5ZFGiRAUn1/fG1JpWh34/7fUfmUjFWqwEbF3/WhPYyomRjYMrFlxwZIFe4l9P8nzPvd1Hvu2LvM0Ds5oJQVnlGAEpybX5yC4yxIpqaxSNRjlSIx9saf/y6Swa9yp2xyQJ0qZ3k+/AEmI2xO2nV/vs38FkXFPYifWSMefAEJZRU2jAxw2yHaEgTWqEE5KDeUVAU+ITgcaRgtOeCgxkjoBXLrfq0Pga45joGI4BVH0CRNk4RhbTBQoZWwcKzJ1Le7QYdaYZKKONTuiTiTU9iKiSKqPEKtTRrpv6zJpqCKK2VyzaAQ3SYz2oDxTQ08CrRm4lsiQSKAe4kV3IQEuH9fp/SFCUxJDqmcexJ2JY+MOueRzKtWnc4koNW2UPXHGyoplovvxWZELJOtcPhBmTjiAcZeMeOojdgqlNnVt7wngGZ2wYNtOTS1KAFz0EEa3x3LpRAKAHrVa0zCTByMn6qWIbuwR0kdqTILahlgUG8qMokGqnfFnWXOZKrJZytwHx17ZtZg7ItgdJGhifz25FhnPmxOYMN52SDyXVnZ/gWObXwBcWYoD7KPodztkQhYCg4sDToOEMxshJM7n57Tn4t5JfFCYIH4TJhPkA2TFLsgDG9Sw6QItYQfz+mEZCSsrwhOSOboubVL46TTjY3mvnrkji1XVwkZX7gh1vQ3cCRdpL/Ccr5RmfoA03fBsg+sOWFP0OcOEG/cxRZ3wvTNAkP3aaxOI3BVAFycjo7y2Y6y92W7qqSC68RXvU187rCX77kmK0MEru/gu80wa2EMCeLHr7h4evvrqhrF3CdrNVtuCgIG6qOGkwMP5RXhmfkhgvekwH7whZJToQFF7T2gxiRcXsUjBtkbDq9V6cxqNN/Pdibazxpx0D3J2zOip0mudu4ZoZVMzt9uHdpk5hHF8q0+C75dLKZVVXPKWQdIlo7m7AsRvHntsPIbbS7j/up3NjqKkjmmzj/FI60eASYV6nT02mldXbzDr2Qt8Fd4lQfcaamREKSENgKlwd67I7l+Cs+s7uPGm22OXRCPp/8uBTZDA3k56nPIFtwRwsF6PQ0R43sJ4aimENU/IOfsNoWDR0kVEWO548Y0g3ZJHVcjA7cuvDsSZqgSp79baiZwuJQ23v7bOiLF+DOPx+j3/CBoWQxNvpikNRoQ388rnJFqk/Si3Z8Hrb0Ktpw3bxpzAQN7lJvLD2mXuewbq4uWOo6AIbKCwZopfxlJ4mU5bp10MrpsHOGAtM5lztKbBknt/UGoB3hm4V3VjOe+FuK6phBtbPh3qLZ8uRKLcjln6H/ebFQ+AHmSHDM/C2AeisisYXnuTrrlD7veJsW3gxNnwLKaxQE48spAd2tnQ+PKJrx9/Di6NlFbx5k3w2hFT7CvTXESeK6LaUqJ80Ta1C+IncVxU4N0CppXzHB45h0SEBlg8fyTtcImA3gciu+mFppL8JJvStwveLPlwH7tz+aVU084a3f6vYrv/1E5rSZEeX+ahYNXmCkboiB/qV5OfVv+UJdnRdwitfqmkxETUkNnCy90q87N4afIeuHlbclqqhwCZW1MltEeb3BhzYEY844WjhbOsIKLBVosr/vMhK62W9/WKuNiNizl5n2vFwWZikTgy3gZz3n1sO1spZSTE+IlUnYaWa62DkuApmnaPtqk5rAGE4xune9N1E/J1j3SPyN6zQEXj9D58Q/baPFw0JQiXUnbhDKW26eXE6Kra9EDXukPMOFyR+H4pFCNrfL65LmHrb6q62gO6MDBHlHEwHRQl8fzwE6GZaHCLqboNTP+c3iKMKz6O7Oa1JaoLXk3L
<style>@media (min-width:1200px){.navbar-form{width:235px}}@media (min-width:768px){.navbar-form .form-control{width:100%}}@media (max-width:767px){.global-nav{width:100%;text-align:center;z-index:1000}}@media (max-width:767px){}.global-nav .nav{height:44px;padding:0}.navbar-form .btn{position:absolute;top:8px;right:30px;color:#999;-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none}.navbar-form .btn:hover,.navbar-form .btn:focus{color:#777}pre{white-space:pre-wrap}@media (min-width:768px){}@media (min-width:992px){}@media (min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}button,input,textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-20{margin-bottom:20px}.mb-50{margin-bottom:50px}.mt-10{margin-top:10px}.mt-15{margin-top:15px}.mt-30{margin-top:30px}.mt-60{margin-top:60px}.ml-10{margin-left:10px}.mr-5{margin-right:5px}.span-line{margin-left:8px;margin-right:8px;color:#999}.logo{float:left;margin:0;display:inline-block;width:150px}.logo a{display:block;height:50px;width:145px;background-image:/* original URL: https://forum.butian.net/css/default/logo.svg */url(data:image/svg+xml;base64,PHN2ZyBpZD0i5Zu+5bGCXzEiIGRhdGEtbmFtZT0i5Zu+5bGCIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQyNi4xMyAxMTEuNDIiPjxkZWZzPjxzdHlsZT4uY2xzLTF7ZmlsbDojZmZmO308L3N0eWxlPjwvZGVmcz48dGl0bGU+5aWH5a6J5L+h5pS76Ziy56S+5Yy6X2xvZ288L3RpdGxlPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTExMiw1Ny4zM3YtNGgzNy43OHY0aC00LjM5VjcxLjE4cS4wOCw1LjUzLTUuMTksNS40NGgtNC44OXYtNGgyLjM0YzEuMiwwLDEuNzgtLjYyLDEuNzUtMS45M1Y1Ny4zM1ptMS44LTExLjkydi00aDEzLjg1VjM4LjkzaDYuNDh2Mi41MWgxMy45M3Y0SDEzNi4zNXEzLDIuNTEsMTAuOTIsNC4zMXYzLjQ3UTEzNiw1MS42NSwxMzAuODcsNDcuNXEtNS4xLDQuMTQtMTYuMzYsNS42OVY0OS43MmM1LjI1LTEuMiw4Ljg4LTIuNjQsMTAuOTItNC4zMVptMi4wOSwyNy4yOFY1OS43NmgxOS4zN3Y3LjM2Yy4xMSwzLjgzLTEuNjcsNS42OC01LjM1LDUuNTdabTUuNDgtNGg2LjQ1YzEuMzkuMDksMi4wNS0uNjEsMi0yLjA5VjYzLjc4aC04LjQxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE1My42Nyw1OC43MlY1NC41M2g0LjY5VjUwLjMxaDYuNTJ2NC4yMmgxNS42OVY1MC4zMWg2LjUzdjQuMjJoNC44MXY0LjE5aC01LjA2YTE1LjM2LDE1LjM2LDAsMCwxLTcuNTcsMTEuODgsOTIuNiw5Mi42LDAsMCwwLDEyLjIxLDIuMzR2NHEtMTIuMTMtMS4yNS0xOC43OC0zLjQ3LTYuNTcsMi4yMi0xOC43LDMuNDd2LTRhMTA0LDEwNCwwLDAsMCwxMi4xNy0yLjM0LDE1LjA2LDE1LjA2LDAsMCwxLTcuNTctMTEuODhabTM2LjYxLTE2Ljg2djcuMzZoLTYuMTVWNDZIMTYxLjM3djMuMjJoLTYuMTVWNDEuODZoMTMuODlWMzkuMDloNy4ydjIuNzdaTTE3Mi43NSw2OC4yMXE2LjY5LTMuMTgsNy42MS05LjQ5SDE2NS4wOVExNjUuOTMsNjUsMTcyLjc1LDY4LjIxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE5OSw3N1Y1Mi43M2EyNywyNywwLDAsMS0zLjQ3LDEuNDNWNTAuMzVhMTcuMiwxNy4yLDAsMCwwLDUuOS0xMWg1LjlhMzIuODYsMzIuODYsMCwwLDEtMi42OCw3LjdWNzdabTcuNzQtMzF2LTRoMTBWMzkuM2g2Ljd2Mi43NmgxMC4xMnY0Wm0xLjM0LDMwLjVWNjIuMjNIMjMxLjd2Ny43cS4xNyw2LjgxLTYuMTUsNi42MVptLjEzLTI0di0zLjhoMjMuNDJ2My44Wm0wLDYuN1Y1NS40MWgyMy40MnYzLjgxWm0xNy44NiwxMC42MlY2Ni4ySDIxMy43MXY2LjMyaDEwLjEyQzIyNS4zOSw3Mi42MywyMjYuMTMsNzEuNzQsMjI2LjA1LDY5Ljg0WiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTIzNy43Niw0Ni40NnYtNGgxNC40OHY0SDI0OFY2NS4yNGMxLjQyLS4zLDMtLjcxLDQuNzMtMS4yMXY0LjE0YTU1LjQxLDU1LjQxLDAsMCwxLTE1LjE0LDMuNzdWNjYuNzljMS4yNS0uMDgsMi43OC0uMjQsNC42LS40NlY0Ni40NlptMTMuNDMsOC4wN1Y1MC44MXE0LjY5LTQsNS40NC0xMS41NWg2LjExYTMyLjMxLDMyLjMxLDAsMCwxLTEuMDUsNC40NGgxMy43N3Y0aC0zcS0uODQsMTEuODUtNS44NiwxOC4yYTQzLjI2LDQzLjI2LDAsMCwwLDguNDksNi44MnY0LjQ0YTQ5LjQxLDQ5LjQxLDAsMCwxLTEyLTcuNTMsNTIuMTMsNTIuMTMsMCwwLDEtMTIuNjQsNy41N1Y3Mi44MUE0MC4wNyw0MC4wNywwLDAsMCwyNTkuNzMsNjZhMzQuMzgsMzQuMzgsMCwwLDEtNS42MS0xMi44QTIxLjc4LDIxLjc4LDAsMCwxLDI1MS4xOSw1NC41M1ptOC4yNS0zLjcyYTM2LjQsMzYuNCwwLDAsMCwzLjc2LDEwLjVxMi43MS00Ljg5LDMuNDMtMTMuNTZIMjU5LjlhMTUuMSwxNS4xLDAsMCwxLTIuNDcsMy4wNloiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yODAuNTYsNzYuOTFWNDAuNjRoMTMuNzN2NGEyNS44NiwyNS44NiwwLDAsMS0yLjY0LDEwLDExLjMyLDExLjMyLDAsMCwxLDMsNy40cS4xNyw4LjUzLTcuOT
<style>a{text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}.navbar-inverse{background-color:#2a8c70;border-color:#2b7a5c}.navbar-inverse .navbar-nav>li>a{color:#fff;padding-left:6px;padding-right:6px}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#008151}@media (max-width:767px){}@media (max-width:767px){}.btn-primary{border-color:#008151;background-color:#009a61;color:#fff}.btn-primary.active,.btn-primary:active,.btn-primary:focus,.btn-primary:hover,.open>.btn-primary.dropdown-toggle{border-color:#00432a;background-color:#006741;color:#fff}.btn-primary.active,.btn-primary:active,.open>.btn-primary.dropdown-toggle{background-image:none}.btn-success{border-color:#4cae4c;background-color:#5cb85c;color:#fff}</style>
<style>@font-face{font-family:qax-design-icons;src:/* original URL: https://forum.butian.net/static/js/qaxd/fonts/qax-design-icons.woff */url(data:font/woff;base64,d09GRgABAAAAAG4oAAsAAAAA2pQAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFY9Fkm8Y21hcAAAAYAAAAdUAAARKjgK0qlnbHlmAAAI1AAAWZoAALGMK9tC4GhlYWQAAGJwAAAALwAAADYU7r8iaGhlYQAAYqAAAAAdAAAAJAfeBJpobXR4AABiwAAAABUAAARkZAAAAGxvY2EAAGLYAAACNAAAAjR9hqpgbWF4cAAAZQwAAAAfAAAAIAIxAJhuYW1lAABlLAAAAUoAAAJhw4ylAXBvc3QAAGZ4AAAHsAAADQvkcwUbeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2BkYWCcwMDKwMHUyXSGgYGhH0IzvmYwYuRgYGBiYGVmwAoC0lxTGByeLXh+irnhfwNDDHMDQwNQmBEkBwD5Vw1OeJzd1/W3l3UWxfH359JdUoPBYMugiNjJDAx2dzMY2N3d3d0oJd1IIx12d+s5JoPiICbuh/0H+Puw1ot17113rfu98ey9D1AHqCX/kNp68xeK3qLmR320rP54LRqu/njtmkV6vxMd9Xk10T+GxKSYFUtjeazKVtk+O2bn7JG9sk8uzCWrVoE+Z0AMjckxO5bFiqzJ1tkhO2WX7Jm9s28urj7nL/4Vfb1ObEJP9mcE45hHsJSVpWHpVrqXfjVdV39OjV5jbX0ndalHfRro9TaiMU1oSjOa04KWtGINWtOGtrSjPX+jA2uyFmuzjr6bv+srrMt6rM8GbMhGbKyv11nfdxc2ZTO6sjnd2ILubMlWbM02bMt2bM8O7MhO7Mwu9OCf/EuvsBf/pje7shu7swd7shd7sw/7sp9e+wEcyEEczCEcymEczhEcyVEczTEcSx/+Q1+O43hO4ET6cRIncwqnchqncwZnchZncw7nch7ncwEXchEXcwmXchmXcwVXchVXcw3Xch3XcwM3chM3cwu3chu3cwd3chd3cw/3ch/38wAP8hAP8wiP8hiP8wT9eZKnGMBABjGYITzNUIYxXD/tkYxiNGMYq5/7eCYwkUk8w2SmMJVpTGcGM5nFs8xmDnP1m5nPAhayiMUs4Tme5wXe4E3e4kXe5h1e4mVe4VVe411e5z3e5wM+5CM+5hM+5TM+5wv9bpMv+Yqv+YZv+U6/6f+yjO/5geX8yP9YwU+s5Gd+4Vd+43f+YFWhlFJTapXapU6pW+qV+qWB/joalcalSWlampXmpUVpWVqVNUrr0qa0Le30B1P3L//u/v//Na7+a9LV71Q/lehv1VMfA0xPFjHQqpSIQVYlRQy2KkFiiOkJJIaankVimOmpJIabnk9ihFXJEiNNzywxyqpXF6NNzzExxvREE2NNzzYxzvSUE+NNzzsxwfTkExNNGUBMMqUBMdmUC8QUU0IQU01ZQUwzqp/PdFN+EDNMSULMNGUKMcuULsRsU84Qc0yJQ8w1ZQ8xz5RCxHxTHhELTMlELDRlFLHIlFbEYlNuEUtMCUY8Z8oy4nlTqhEvmPKNeNGUdMRLpswjXraqDeIVUw4Sr5oSkXjNlI3E66aUJN4w5SXxpik5ibdMGUq8bUpT4h1TrhLvmhKWeM+UtcT7ptQlPjDlL/GhKYmJj0yZTHxsSmfiE1NOE5+aEpv4zJTdxOemFCe+MOU5EaZkJ9KU8cSXprQnvjLlPvG1qQGIb0xdQHxragXiO1M/EEtNTUEsM3UG8b2pPYgfTD1CLDc1CrHC1C3ET6aWIVaa+ob42dQ8xC+mDiJ+NbUR8Zupl4jfTQ1F/GHqKmKVqbXIGlN/kbVMTUbWNnUaWcfUbmRdU8+R9UyNR9Y3dR/ZwNSCZENTH5KNTM1INjZ1JNnE1JZkU1Nvks1MDUo2N3Up2cLUqmRLU7+SrUxNS7Y2dS7ZxtS+ZFtTD5PtTI1Mtjd1M9nB1NLkmqa+JtcyNTe5tqnDyXVMbU52NPU62cnU8OS6pq4n1zO1Prm+qf/JDUxLgNzQtAnIjUzrgNzYtBPITUyLgexs2g5kF9OKIDc17QlyM9OyILuaNga5uWltkN1Mu4PcwrRAyO6mLUJuaVol5FamfUJubVoq5DamzUJua1ov5HamHUNub1o05A6mbUPuaFo55E6mvUPubFo+5C6mDUT2MK0hsqdpF5G9TAuJ7G3aSuSuptVE7mbaT+TupiVF7mHaVOSepnVF7mXaWeTepsVF7mPaXuS+phVG7mfaY+T+pmVGHmDaaOSBprVGHmTabeTBpgVHHmLacuShplVHHmbad+ThpqVHHmHafOSRpvVHHmXageTRpkVIHmPahuSxppVI9jHtRbKvaTmSx5k2JHm8aU2SJ5h2JXmiaWGS/UxbkzzJtDrJk037kzzFtETJU02blDzNtE7J0007lTzDtFjJM03blTzLtGLJs017ljzHtGzJc00blzzPtHbJ8027l7zAtIDJC01bmLzItIrJi037mLzEtJTJS02bmbzMtJ7Jy007mrzCtKjJK03bmrzKtLLJq017m7zGtLzJa00bnLzOtMbJ6027nLzBtNDJG01bnbzJtNrJm037nbzFtOTJW02bnrzNtO7J2007n7zDtPjJO03bn7zLdAWQd5vuAfIe02VA3mu6Ecj7TNcCeb/pbiAfMF0Q5IOmW4J8yHRVkA+b7gvyEdOlQT5qujnIx0zXB/m46Q4hnzBdJGR/021CPmm6UsinTPcKOcB0uZADTTcMOch0zZCDTXcNOcR04ZBPm24dcqjp6iGHme4fcrjpEiJHmG4icqTpOiJHme4kcrTpYiLHGOr1HGvVoZ/jrOidHG+l6vwJVqrOn2il6vxJVqrOf8aqyyonW6k6f4qVqvOnWqk6f5qVqvOnW6k6f4aVqvNnWqk6f5aVqvOftVJ1/mwrVefPsVJ1/lwrVefPs1J1/nwr2v+5wErV/wutVP2/2ErV/0ustPsTkfxhoXicrL0JYFvVlTD87n3aV2u3LVvWYkl2HCu2ZUl2nNjPibM6GyGrQxKFhCRAEkKAsIYIaIeUJYQBSsO0YEjLsJXSQqa0LBVbof0oy7TTUjpQt512Ol9ppzt0Gr3859z7nvTkWCTM9yfWffu9525nv+cKegH+iYdEk+AQ4kKn0C/MEwQS8PcMkWxvMhF1EoM3YDSk6BBJJnrhZk/A74Wb0RnUaPD6e3KEXaZI5RE/J72/sDRYXu/rm3V04HXz7Yeal/STphs7g8HXl7++fHT09ablzWOdh8yeBgu5zmw+7mg1249bGrdZLMftMYv9uDlI7v6F2fz6wNFZfX2vWxo/uLGJ9C9pPtTZvLzp9dFRyOP1pqYNnYcsDR4zNUFJx+3mVshhm6XR8hQ7NQuiIJwsioIoCXVCm9AF9Yr0ZDOu3kQsEjX4XF5/Wu9zkGgimYmlSNI1SHKREAm4HMTYQXxQt2yGjBPB4XY75CKmRCDZlVkitWcJybarx4LkbnITAR6zl2TJ4ZbG27PZ9nF8qchfkvHlcXwOza0DuP4uviYuFDxChzAozAfIEoMkRAzGEBkkmTRAkCIz4EbAn81lE8mEwYiPAwhmwuDh3ZGAR/5AiBgdcDNpNIRIjhJdU2aaranRNTCUlOjYyMgYvdb5qU2bjtR7l69e++XcrFuuW0gkeu7SpfvOeSM02k+Cb2R7t2z95dpV7vmLf3qswfeK3RKzk2JwmjWY6TA2Bdw9EcgDcgptutIo7tpwzv3t8a6l7ea5VyxaeqFRPyZ/840g6R8NvbH7p4vnu1et/eXWLb1jvoZvYx8KRqjnSXGvOCJYBL8wJGwQzhMuFq6G2mZ6E9gDaRhlUWMmzS6bSbonRI0iVD4C9RQTgzQdywxSfyAb4IcQbcbadmCXxTKJGSQWNbSQCLR
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}@media print{}pre code.hljs{overflow-x:auto}.hljs{color:#000}.hljs-comment{color:green}.hljs-name,.hljs-tag{color:#00f}.hljs-literal,.hljs-string{color:#a31515}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#FFEBE9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#ffffff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body strong{font-weight:600}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:0.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body h5,.markdown-body h6{margin-top:24px;margin-bottom:16px;line-height:1.25}.markdown-body h5{font-weight:600;font-size:0.875em}.markdown-body h6{font-weight:600;font-size:0.85em;color:var(--color-fg-muted)}.markdown-body code{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace}.markdown-body pre{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace;word-wrap:normal}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0!important}.markdown-body>*:last-child{margin-bottom:0!important}.markdown-body p,.markdown-body pre{margin-top:0;margin-bottom:16px}.markdown-body code{border-radius:6px}.markdown-body pre code{font-size:100%}.markdown-body pre>code{word-break:normal;white-space:pre;background:transparent}.markdown-body pre{padding:16px;overflow:auto;font-size:85%
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
<!--[if lt IE 9]>
    <script src="/static/js/html5shiv.min.js"></script>
    <script src="/static/js/respond.min.js"></script>
    <![endif]-->
<style>.hot{z-index:10}</style>
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
<body>
<div class="global-nav mb-50">
 <nav class="navbar navbar-inverse navbar-fixed-top">
 <div class="container nav">
 <div class="visible-xs header-response sf-hidden">
 
 
 
 
 </div>
 <div class="row hidden-xs">
 <div class="col-sm-9 col-md-9 col-lg-9">
 <div class=navbar-header>
 <button type=button class="navbar-toggle collapsed sf-hidden" data-toggle=collapse data-target=#global-navbar>
 
 
 
 
 </button>
 <div class=logo><a class="navbar-brand logo" href=https://forum.butian.net/></a></div>
 </div>
 <div class="collapse navbar-collapse" id=global-navbar>
 <ul class="nav navbar-nav">
 <li><a href=https://forum.butian.net/>首页 <span class=sr-only>(current)</span></a></li>
 
 
 
 <li><a href=https://forum.butian.net/questions>问答</a></li>
 
 
 
 <li><a href=https://forum.butian.net/shop>商城</a></li>
 
 <li><a href=https://forum.butian.net/community>实战攻防技术</a></li>
 <li><a href=https://forum.butian.net/articles>漏洞分析与复现</a>
 <span class=hot>NEW</span>
 </li>
 <li><a href=https://forum.butian.net/movable>活动</a></li>
 <li><a href=https://forum.butian.net/questions/Play>摸鱼办</a>
 
 </li>
 </ul>
 <form role=search id=top-search-form action=https://forum.butian.net/search method=GET class="navbar-form hidden-sm hidden-xs pull-right">
 <span class="btn btn-link"><span class=sr-only>搜索</span><span class="glyphicon glyphicon-search"></span></span>
 <input type=text name=word id=searchBox class=form-control placeholder value>
 </form>
 </div>
 </div>
 
 </div>
 </div>
 </nav>
</div>
<div class="top-alert mt-60 clearfix text-center">
 <!--[if lt IE 9]>
    <div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>，放学别走，升级完浏览器再说
        <a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
    </div>
    <![endif]-->
 
 </div>
<div class=wrap>
 <div class=container>
 <div class="row mt-10">
 <div class="col-xs-12 col-md-9 main" style=width:100%>
 <div class=widget-article>
 <h3 class="title word-wrap">记一次基于Union的sqlmap自定义payload</h3>
 <ul class=taglist-inline>
 </ul>
 <div class="content mt-10">
 <div class="quote mb-20">
 hw期间某晚上10点，某知名小朋友审计了一套bc源码，有sql注入，注入的位置比较刁钻，sqlmap无法识别，不能取证 (公众号转发务必说明来源，标注作者！)
 </div>
 <textarea id=md_view_content style=display:none value='hw期间某晚上10点，某知名小朋友审计了一套bc源码，有sql注入，注入的位置比较刁钻，sqlmap无法识别，不能取证

##### 注入场景

```js
pay.php?id=pay`+/*_*/where+false 注入error 
pay.php?id=pay`+/*_*/where+false# 注入正常
```

![Snipaste_2024-08-13_23-43-18.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-34eb4ca1550ccb57df23aaabd462a9309e5eb508.png)

![Snipaste_2024-08-13_22-54-36.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-196e7fcd53f245d5e95631a9ea6c2a4e8edc5a9e.png)

###### sqlmap无法识别

![微信图片_20240813223537-1723561048427.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-afe79b09fb31c96f33af2d5a69e6fa531fc03710.png)

注入位置比较刁钻，小朋友说得保留

```js
pay`+/*_*/where+false
```

字段才可控，

在网上搜了一圈，没有找到基于union的自定义查询，于是下了些功夫，研究了sqlmap的union注入流程

##### union注入流程

union联合查询，用于合并左右两侧select语句的结果，得要求两侧select的列数相同，两侧select列数不同发生error,那注入就失败;因此 union注入必须得先进行order by的判断确定列数，后续才能拼接子查询测试。

![Snipaste_2024-08-13_23-25-39.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-1ba67ae92b089d4f3621c434291fb38ff07348b6.png)

![Snipaste_2024-08-13_23-26-34.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-bba6a2c4c30e7fb491148e7a67b7d02e85a68a45.png)  
所以，站点union注入失败的原因在于order by测试没命中

![Snipaste_2024-08-13_23-07-38.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-6ad534c4446c93a7fd3a4f2cc35fab1c204829fc.png)

sqlmap测试union注入的文件在data\\xml\\payloads\\union\_query.xml 根据发包提示信息和order by相关的是"Generic UNION query"模板

![Snipaste_2024-08-13_23-49-57.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-3cbf755f33483da57f390159e4d5c9140526dcad.png)

网上转了一圈，参考报错注入和时间注入的修改request和response两处标签，通过正则等方式去匹配命中，发现**无法过编译**， 后续测试，union\_query.xml的标签\[vector\]、\[request\]、\[response\]不可控，(修改后测试流程依旧没变化)。

猜测可能和**子语句测试**有关，站在sqlmap的视角，他肯定是无法识别当前子语句注入方式的，比如位置是在where后可控还是order by后可控，或者是逻辑符可控，比如例示列名 (SELECT \* FROM users ORDER BY column\_name)等，得构造某特定的类型才能识别，自定义类型，跟进到xml/payloads/**boundaries.xml**

###### 自定义payload

boundaries文件几处属性是控制自定义字符的，preffix和suffix，把这里的preffix改为站点的自定义字段

![Snipaste_2024-08-14_08-02-18.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-fa62132ad06a54af23f66d4e81ec381428fdf28b.png)  
然后得考虑该字段如何去和union模板里的test组合问题，网上转了一圈，当boundaries的clause和where属性值包含union模板的clause、where两个属性值即会匹配组合

clause取值为1-9，联合查询有关的子查询有 where、order by，取值为1，3  
![Snipaste_2024-08-14_08-11-41.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-265c6d692f309318a745981581c191e318f6d693.png)

where取值为1-3，where标签，用来确定整体注入payload的插入位置，比如第一个注入参数，取值为1，第二个注入参数，取值为2，这里就默认为1

![Snipaste_2024-08-14_08-14-26.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-6bb8d3f60a1248c9f9589d5d7693745cbe4089ad.png)

```js
<boundary>
    <level>1</level>
    <clause>1,2</clause>
    <where>1</where>
    <ptype>1</ptype>
    <prefix>pay`+/*_*/where+false</prefix>
    <suffix>#</suffix>
</boundary>
```

观察union模板的"Generic UNION query" where、clause标签是否能匹配

![Snipaste_2024-08-14_08-20-04.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-15a5e769a6974167bdba5cd2039f613b6222d6aa.png)

没啥问题，发包测试

##### 测试问题

再测试已经能识别到自定义的payload了，但探测的深度很有限,order by的注入得取两个值，一大一小来确定字段，从发包payload来看只发了order by 1

![Snipaste_2024-08-14_08-22-46.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-d6df6dc1621b149306e2120edc157288698a1324.png)  
把流量挂到burp看看，代理后，再次发包

![Snipaste_2024-08-14_08-28-26.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-00e7a312db0f6efe3dd0b1b860353c100a4452ec.png)

```js
pay`+/*_*/where+false order by 1#
pay`+/*_*/where+false order by 4839#
```

这里命中了，但没识别出order by的注入

###### 编码问题

在这折腾了好久，觉得是sqlmap的版本原因，下载了最新的版本，再次发包，再测试发现order by 4839#这部分包又不测试了，觉得是代理的问题，于是换了socks发现也一样，后续发现报文出问题了  
![Snipaste_2024-08-14_08-40-39.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-b7606e1b428b3ed0bf4184351f806340e57af91f.png)

sqlmap报文编码导致自定义的字符失效了，被编码了%2B%2F%2A\_%2A%2F

burp做个发包替换，

```js
%2B%2F%2A_%2A%2F->pay`+/*_*/where
```

###### 识别注入

识别成功，order by

![Snipaste_2024-08-14_08-45-34.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-693cfe20a644bd521d6ce329b675fdb5e1a46ab6.png)

后续的流程就很简单了，识别到order by 判断列数，union子查询拼接case条件从句

![Snipaste_2024-08-14_08-48-54.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-476bd8fdef3c9ff71f8c1c8cc48379eb5a29676e.png)

![Snipaste_2024-08-14_10-08-40.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-9fbc2fbf099fa405abf1e7c43d6e70380057a0a7.png)  
取证完成

![Snipaste_2024-08-14_08-50-22.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-0a83d9ddf3baa82253bfa7bf79845ff0830d42de.png)

##### 扩展思路

###### 自定义前后缀

后续发现一种更便捷的方式，不用修改boundary，自定义前后缀，在sqlmap发包的时候提供

```js
preffix="pay`+/*_*/where"
suffix="#"
technique=U
```

这样发包会更精准，由于提供了前缀，sqlma后续不会从boundary取注入符，会调用默认的clause和where去匹配union\_query.xml里的test模板，免去了其他符号的测试

完整参数

![Snipaste_2024-08-14_09-03-02.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-bd343a2c396b3365c401a18f0f6e6ad9965ff7e8.png)

```js
--proxy=https://127.0.0.1:8080 --prefix=pay`+/*_*/where+false --suffix=# -v 3 --technique U
```'>hw期间某晚上10点，某知名小朋友审计了一套bc源码，有sql注入，注入的位置比较刁钻，sqlmap无法识别，不能取证

##### 注入场景

```js
pay.php?id=pay`+/*_*/where+false 注入error 
pay.php?id=pay`+/*_*/where+false# 注入正常
```

![Snipaste_2024-08-13_23-43-18.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-34eb4ca1550ccb57df23aaabd462a9309e5eb508.png)

![Snipaste_2024-08-13_22-54-36.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-196e7fcd53f245d5e95631a9ea6c2a4e8edc5a9e.png)

###### sqlmap无法识别

![微信图片_20240813223537-1723561048427.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-afe79b09fb31c96f33af2d5a69e6fa531fc03710.png)

注入位置比较刁钻，小朋友说得保留

```js
pay`+/*_*/where+false
```

字段才可控，

在网上搜了一圈，没有找到基于union的自定义查询，于是下了些功夫，研究了sqlmap的union注入流程

##### union注入流程

union联合查询，用于合并左右两侧select语句的结果，得要求两侧select的列数相同，两侧select列数不同发生error,那注入就失败;因此 union注入必须得先进行order by的判断确定列数，后续才能拼接子查询测试。

![Snipaste_2024-08-13_23-25-39.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-1ba67ae92b089d4f3621c434291fb38ff07348b6.png)

![Snipaste_2024-08-13_23-26-34.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-bba6a2c4c30e7fb491148e7a67b7d02e85a68a45.png)  
所以，站点union注入失败的原因在于order by测试没命中

![Snipaste_2024-08-13_23-07-38.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-6ad534c4446c93a7fd3a4f2cc35fab1c204829fc.png)

sqlmap测试union注入的文件在data\\xml\\payloads\\union\_query.xml 根据发包提示信息和order by相关的是"Generic UNION query"模板

![Snipaste_2024-08-13_23-49-57.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-3cbf755f33483da57f390159e4d5c9140526dcad.png)

网上转了一圈，参考报错注入和时间注入的修改request和response两处标签，通过正则等方式去匹配命中，发现**无法过编译**， 后续测试，union\_query.xml的标签\[vector\]、\[request\]、\[response\]不可控，(修改后测试流程依旧没变化)。

猜测可能和**子语句测试**有关，站在sqlmap的视角，他肯定是无法识别当前子语句注入方式的，比如位置是在where后可控还是order by后可控，或者是逻辑符可控，比如例示列名 (SELECT \* FROM users ORDER BY column\_name)等，得构造某特定的类型才能识别，自定义类型，跟进到xml/payloads/**boundaries.xml**

###### 自定义payload

boundaries文件几处属性是控制自定义字符的，preffix和suffix，把这里的preffix改为站点的自定义字段

![Snipaste_2024-08-14_08-02-18.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-fa62132ad06a54af23f66d4e81ec381428fdf28b.png)  
然后得考虑该字段如何去和union模板里的test组合问题，网上转了一圈，当boundaries的clause和where属性值包含union模板的clause、where两个属性值即会匹配组合

clause取值为1-9，联合查询有关的子查询有 where、order by，取值为1，3  
![Snipaste_2024-08-14_08-11-41.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-265c6d692f309318a745981581c191e318f6d693.png)

where取值为1-3，where标签，用来确定整体注入payload的插入位置，比如第一个注入参数，取值为1，第二个注入参数，取值为2，这里就默认为1

![Snipaste_2024-08-14_08-14-26.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-6bb8d3f60a1248c9f9589d5d7693745cbe4089ad.png)

```js
&lt;boundary&gt;
    &lt;level&gt;1&lt;/level&gt;
    &lt;clause&gt;1,2&lt;/clause&gt;
    &lt;where&gt;1&lt;/where&gt;
    &lt;ptype&gt;1&lt;/ptype&gt;
    &lt;prefix&gt;pay`+/*_*/where+false&lt;/prefix&gt;
    &lt;suffix&gt;#&lt;/suffix&gt;
&lt;/boundary&gt;
```

观察union模板的"Generic UNION query" where、clause标签是否能匹配

![Snipaste_2024-08-14_08-20-04.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-15a5e769a6974167bdba5cd2039f613b6222d6aa.png)

没啥问题，发包测试

##### 测试问题

再测试已经能识别到自定义的payload了，但探测的深度很有限,order by的注入得取两个值，一大一小来确定字段，从发包payload来看只发了order by 1

![Snipaste_2024-08-14_08-22-46.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-d6df6dc1621b149306e2120edc157288698a1324.png)  
把流量挂到burp看看，代理后，再次发包

![Snipaste_2024-08-14_08-28-26.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-00e7a312db0f6efe3dd0b1b860353c100a4452ec.png)

```js
pay`+/*_*/where+false order by 1#
pay`+/*_*/where+false order by 4839#
```

这里命中了，但没识别出order by的注入

###### 编码问题

在这折腾了好久，觉得是sqlmap的版本原因，下载了最新的版本，再次发包，再测试发现order by 4839#这部分包又不测试了，觉得是代理的问题，于是换了socks发现也一样，后续发现报文出问题了  
![Snipaste_2024-08-14_08-40-39.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-b7606e1b428b3ed0bf4184351f806340e57af91f.png)

sqlmap报文编码导致自定义的字符失效了，被编码了%2B%2F%2A\_%2A%2F

burp做个发包替换，

```js
%2B%2F%2A_%2A%2F-&gt;pay`+/*_*/where
```

###### 识别注入

识别成功，order by

![Snipaste_2024-08-14_08-45-34.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-693cfe20a644bd521d6ce329b675fdb5e1a46ab6.png)

后续的流程就很简单了，识别到order by 判断列数，union子查询拼接case条件从句

![Snipaste_2024-08-14_08-48-54.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-476bd8fdef3c9ff71f8c1c8cc48379eb5a29676e.png)

![Snipaste_2024-08-14_10-08-40.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-9fbc2fbf099fa405abf1e7c43d6e70380057a0a7.png)  
取证完成

![Snipaste_2024-08-14_08-50-22.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-0a83d9ddf3baa82253bfa7bf79845ff0830d42de.png)

##### 扩展思路

###### 自定义前后缀

后续发现一种更便捷的方式，不用修改boundary，自定义前后缀，在sqlmap发包的时候提供

```js
preffix="pay`+/*_*/where"
suffix="#"
technique=U
```

这样发包会更精准，由于提供了前缀，sqlma后续不会从boundary取注入符，会调用默认的clause和where去匹配union\_query.xml里的test模板，免去了其他符号的测试

完整参数

![Snipaste_2024-08-14_09-03-02.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-bd343a2c396b3365c401a18f0f6e6ad9965ff7e8.png)

```js
--proxy=https://127.0.0.1:8080 --prefix=pay`+/*_*/where+false --suffix=# -v 3 --technique U
```</textarea>
 <div id=layer-photos-demo>
 <div id=md_view><div class=markdown-body><p blockindex=0>hw期间某晚上10点，某知名小朋友审计了一套bc源码，有sql注入，注入的位置比较刁钻，sqlmap无法识别，不能取证</p>
<h5 blockindex=1>注入场景</h5>
<pre blockindex=2><code class="hljs language-js">pay.php?id=pay<span class=hljs-string>`+/*_*/where+false 注入error 
pay.php?id=pay`</span>+<span class=hljs-comment>/*_*/</span>where+<span class=hljs-literal>false</span># 注入正常
</code></pre>
<p blockindex=3><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABrIAAAInCAYAAADUC8nyAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzde3yU9Z33/1dCQiCcBBIyJCLCjCKaRGmC1VLbWslMbRfIvfd277sV7m1XF0m6XQvj6f65q8jah4sysO12J0i1hx9B7ba9G6GnmdB6V0s9EAQnUURnggIJQxLOJCQkJPcfc8hMZiaZnA+8n49HH4Xr8L2+M0npNfO+Pp9vwp79hzsI8e37voqIiIiIiIiIiIiIiIjIcEsc7gmIiIiIiIiIiIiIiIiIRKMgS0REREREREREREREREYkBVkiIiIiIiIiIiIiIiIyIinIEhERERERERERERERkRFJQZaIiIiIiIiIiIiIiIiMSEldN+TmZA/HPERERERERERERERERETCRARZe/fuHY55iIiIiIiMCSkpKeTm5uJyuWhpaRnu6YiIiIiIXLEWL17MuXONwz0NEekntRYUERERERERERERERGRESmiIktEREREREREREREZKyoPuwZ7imISD+oIktERERERERERERERERGJAVZIiIiIiIiIiIiIiIiMiIpyBIREREREREREREREZERSUGWiIiIiIiIiIiIiIiIjEhJwz0BERERERERERERkf5KmTAx+OcLi4qGcSaRrqp8gelXTRvuacR0+szZETu/+oZ6AFqaLw7zTERkuKgiS0RERERERERERMaMkRZiSf+kp6UP9xREZJipIktERERERERERERGPQVYY1d6WjrHjh0Z7mmIyDBRRZaIiIiIiIiIiIiIiIiMSAqyREREREREREREREREZERSkCUiIiIiIiIiIiIiIiIjktbIEhERERERERERkStCSlICAPNndP+16JEzl4N/vuaqcT2OW32qjZa2jv5Nrovp06czbdrUPp9/9uw5Tp8+PYAzCjfS5yciY4eCLBEREREREREREbkiTJ/oa1D1jcVTuj3uh2+dD/65p2MBtrx2Fu/5yz0e1xsLFlzPLbfc3OfzDxx4lzfffGsAZxRupM9PRMYOBVkiIiIiIiIiIiIiIiI9SEz0heHpaenDPBM4POdvhvX6k/eXBP/c3t4+qNfSGlkiIiIiIiIiIiIiIiIyIqkiS0REREREREREREREJA4joRprJLiwqCisKquvEhISWLhwIVOmxl5zT0GWiIiIiIiIiIiIiIhIDxRihbuwqAiA1H3/2ecxbr/tdu5ZtbLbYxRkiYiIiIiIiIiIiIwwBw9+wNGjx/p8/oULFwZwNiIig+PYsaN4vV6Sk5NjHpOUMIQTEhEREREREREREREREQE4cvQo/7phQ7fHqCJLRERERERERERERKQrQw7mpTeT4f/rCddunC7vsE5J5EqUhEqyREREREREREREREaUhQtv4JZbbu7z+QcOvMubb741gDO6EhnIyc3B4P+b98RunMM6n9HAgCEXvFdw4Dd58mSMJhMADfX11NTUkJWVRVp6z+trXTh/AY/HPWBzSZs2kTtuujquY3/9tgeAv7rVCED92Sb+/F7NgM2lP1SRJSIiIiIiIiIiIiIifWbILeCepUsxGADvbmwuL1dqlDUzLY0VhSsAePPNN6mpqeGmnGxuu+22Hs/95OOPBzTImm+4in/75h1xHfuHA58ABI9/+9DxERFkZWRkkDjckxARERERERERERERkVEsI9sXYokMoIyMDL6zdm1fK7JMmCxGjP6/eRwO+psRmkwWjP4BPR4H7uCAJkwmd8jfRURERESkK5PFgtHjwcPA3zubTCZwu/t9zy8iIiIicsUwGDDgxRtvWZLB4Gth6O1lJVNvrwMYfGVTvToHDP6gqrfn9TiZvr1uGfMCIdbUqVMjg6xiWxlmSii0OroZwkiRzYYFADf2sOCpb4xFNmy+AXFYHVjdACYstjJsFnDbrTxo739gJiIiIiIy9pgwF9koNgG4sRcWYu/3k2bFlG0qxt/aHYc1m24/IoiIiIiIXGEMBSu5Jyew7lE95ZtLqStYyT0FnetqgRdX6Utsj7ZmlCEH89KlFORGljJ5y7dgK/f27jrlL7G9PEYcZMhh1ddXEn4pL17XbnaUVkYPkbqZn6t0C9td3s65hZZjGZZyz7psAOoqo8zJkMOqry8lN6KEy4urfDfl5ZHziXwPdsPKr7Eq1xfKlW/eglNJ2JgydepUysrKAEiChLCdxRYTYMPmdGB1gKnYRpGx6xCd1ViBD80Rh+DBWWLH0Y8P0CZLEUX+cMtUbKPMbMb6oLVfY4qIiIiIjBomE6Yom91dnyIzmTEHDnSU9D/EAnB78JgIXt9SVEyJw64Hy0RERGRUO32xHYCf7D3f7XHHz10O/rmnY0PHHUiHDn2Itx+lL2fPnhvA2UQa6fMbGun+6iaAegwFa1lV0DWcMZC78muYI4KWHFatW0luH65z88q15EaESwZyC9ZipTMAC8pdiXVlaOjVeY4hdyXWdbuxbS4PD49inuMzKyPa3EJGDmyr7LKj23EN5BasJDenku2bS3GF7ev6Xn8tasAmY8dHH30EH30EELu1oMVWhsdTiMdowWLpfkCTxRLlA7YbT4m9XxN1O6wUepzYNtmwmACPkwFc50xEREREZAQzUbypzF9lFcqNvbAE46aizofJQgMvSxFlxqLI4TxOHrSGBlEmLMVFmCOfSAsyuulMskzFbLIZ8cQ41lNiHZgATURERGQQtbR1AHCwrjXucw7WDXxIFY/Tp09z+vTpYbl2PEb6/IZeDgUF4PVWUlcHzMoJqX4yULA0B2dpZ6pjKFgaEmJ5KS99CVcdQDq5S5eSQSw55OYC3srg8bNyDcFgyFDwNcyVIaGZoSAsOPK6Stmxu94333X+ORiWck9BZWcA1uUcCHldwKxZOSF76n2tBg2GLsf7xqoLnXrEuF68rnrfMbPSOyu0DDmsWpnDQ6VdU7DO96CgIOYbJGNQRJBldeBv8WeieFMxhYWFFJZ0PcpIUVlIa0HrgzijfKINPihqsVEWWdYVxhTyAd1iKyPaZ2+MRWwq8+3wlBSqtYmIiIiIXLliVGv51piNtt0ZscVotvgeGIv3klEfYPNxOK2oXEtERERErmSh7QAhh1XPhFRczTJgoLNl3qyMkNjHtRtnsPWgF2/MACdwfGl4yJO7kmdXBsIlAzk5Bpz+ICl36dLO4MhVii14npftpRnB8ww5ORjKfetUhZ1DZxvB6K+5FFs5GArWYg1Uo3l3s6NrhVfEuJHtAMPGyF2K2VDZTbtAf9WW2gleESKCLIfVitliw+J2YH3QjttUjG2TuUvrwNAPzSaKizZh7jKOx/mgf50r/1HRP03HEOPDd8iH9VhPgoqIiIiIjDluO1ankaLi2EGSiIiIiIgMJy+VlaGpSiXvuvBVT/UkdyXWlbsp310eRzDjpXx3l6DLtZtybw6BDMiQkQ54gRxuDrm+60R9lzaAJ/Dir5AyZDAL8HY5B1dpzBCrd7qOuzsipPJWVuEtCFR2hQdyXblKFWKNdTPT0pgxYzoQtbWgA2uhB2ugnMoExphPe/pF2x/5wKeIiIiIiPSFx4PDCUXFkbvc9kIKY/b0M1FcFq09YVcOrNlW1PBARERERKSv/C32QtSd8EKM1aBcu3fjze2sUDLkLmVV7lLAi6v0pW7Co8jrRAhUfxkMzArZnFuwltyYLfnSMRjARfg53hP1PVwsTl3m4nJFqTrzeqmj8x3rDOQiDuREXZTNMqZcNW0axUXFjE9JibFGVuji0W47hdld17qyYKsKaS1YWNh9P3yHlWyH1fdnkyl8/MCItip/S0NwWLOjtw00WTC5HepYIiIiIiISymTBEqWTt8fR+z4GJpMJt/9+3WQppqjIjMVkirxHNxVTtsmI0+nE6XREu8UXERERGVKT9/vWR7mwKNqaJTKa1TcMUJgyknjLsW32surrK0PW0gIwkLtyLc92bR/YG3XeqPFPn4Y6MXxlT7FDtDjCPBn1PB4Pdrud4uLiyCCrqqrK9we3ncISI2WBdCkmE8VlVUR5ONQXYIV+2jUVU1Z
<p blockindex=4><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABnEAAAJXCAYAAABMoXGRAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzde3yU5Z3//1dOHBJQDgkMiYiQUYokY22C1VrbWsnMdrtAttuzoSctkrT77cKgdtv9KdJurWLi9jRBqmuVeKi12wi260xo3Wqtp8TDJAroTFAgYUgi5xwgIfn9MZPJTGaSTJI7J3g/Hw8fkvu+r+u+5p4JXPd87s/nivtITm4XIiIiIiIiIiIiIiIiMq7Ej/UAREREREREREREREREJJKCOCIiIiIiIiIiIiIiIuNQoiU7a6zHICIiIiIiIiIiIiIiIr3ELV26VGviiIiIiIiMssmTJ2OxWHC73Zw6dWqshyMiIiIics5atmwZx483j/UwRKJSOTUREREREREREREREZFxKHGsByAiIiIiIiIiIiIiMtZq93rHeggiEZSJIyIiIiIiIiIiIiIiMg4piCMiIiIiIiIiIiIiIjIOKYgjIiIiIiIiIiIiIiIyDimIIyIiIiIiIiIiIiIiMg4ljvUAREREREREREREREbL5ClTg38+eXnhGI4k0ozqB5g54/yxHkafjhw9Nm7H19jUCMCpttYxHomIsZSJIyIiIiIiIiIiIuec8RbAkeFJS00b6yGIjAhl4oiIiIiIiIiIiMg5Q8Gbs1daahoHDuwb62GIGEqZOCIiIiIiIiIiIiIiIuOQgjgiIiIiIiIiIiIiIiLjkII4IiIiIiIiIiIiIiIi45DWxBEREREREREREREJMTkxDoBFs/r/+nTf0TPBP184I2HAfmsPd3Cqo2t4g+tl5syZnH/+eUNuf+zYcY4cOWLgiMKN9/GJjHcK4oiIiIiIiIiIiIiEmDnVX8DoG8um93vcr18+EfzzQMcC3PvcMXwnzgx43GAsXnwJH/7wZUNu/8Ybb/LSSy8bOKJw4318IuOdgjgiIiIiIiIiIiIiIiIGiY/3B4LTUtOG39ewexARERERERERERERERHDKYgjIiIiIiIiIiIiIiJiICOycEBBHBEREREREREREREREcMYFcABrYkjIiIiIiIiIiIiMmHt2rWb/fsPDLn9yZMnDRyNiBhNmTgiIiIiIiIiIiIiIiLjkDJxRERERERERERERESGypSNdfllzA38eMi9E5fbN6ZDkrOHgjgiIiIiIiIiIiIiE9SSJR/iwx++bMjt33jjTV566WUDR3QuMpFtycYU+Ml3aCeuMR3PRGDCZAHfORzsmjZtGplmMwBNjY3U1dWRkZFBalr4ejoK4oiIiIiIiIiIiIiIyIgzWfK4fvlyTCbAt5Nit49zNYwzOzWVVfmrAHjppZeoq6tjaXYWV155ZdhxWhNHRERERERERERERERG3twsfwBHYjbCmThmzLZMMgM/eZ1OPMPt0WwjM9Ch1+vEE+zQjNnsCflZRERERER6M9tsZHq9eDF+7mw2m8HjGfacX0RERETknGEyYcKHL9Z0FJPJX7bNN8gMlsGeBzD502UG1QZMgSDNYNsNOJihve6zwNCCOGYbRYWFWCkl3+7s58BMCouLsQHgwREWdBmazMJiiv0d4rQ7sXsAzNiKyym2gcdhZ4Nj+MEiEREREZGzjxlrYTFFZgAPjvx8HMN+yqqI8nuKCJRyxmnPot9bBBERERGRc4wpr4Drs7vXOWmkoqSMhrwCrs/rWUcHfLjLHmNbtDViTNlYly8nzxKZwuKruJfiCt/gzlPxGNsq+giFmLJZ/dUCwk/lw+feySNl1dEDKP2Mz112L9vcvp6xhabhmJZz/fosABqqo4zJlM3qry7HEpG648NdsZOKisjxRF6DnVDwFVZb/AGpipJ7cU2wKNAQgjhmiu7pvvErptjlxO4Ec1ExhZm9j+3Jwum+YYw4BC+uUgfOYdw8mm2FFAYCO+aiYsqtVuwb7MPqU0RERERkwjCbMUfZ7On9BJXZirX7QGfp8AM4AB4vXjPB89sKiyh1OvRQlYiIiExoR1o7AfjNqyf6Pe7g8TPBPw90bGi/Rtqz5x18w0h5OHbsuIGjiTTexzc60gJZLQCNmPLWsTqvd2DChKXgK1gjggzZrF5fgGUI57msYB2WiMCKCUveOuz0BH+CLAXYC0IDPj1tTJYC7Ot3UlxSER446bON35y50cYW0nP3tupeO/rt14QlrwBLdjXbSspwh+3rfa2/EjW4NJEMIYjjwVHqpCiQDmMrLsfrzcebacNm67+l2WaLcnPpwVvqGPwwQntw2sn3uii+pxibGfC68OquUURERETOCWaK7ikPPGQVyoMjv5TMewp7HqQKDfbYCinPLIzszutigz00CGPGVlSINfJprKBMDz1RHHMR9xRn4u3jWG+p3ZjgkYiIiMgIOtXRBcCuhvaY2+xqMD5AE4sjR45w5MiRMTl3LMb7+EZfNnl54PNV09AAzMkOyXoxkbc8G1dZT0TDlLc8JIDjo6LsMdwNAGlYli9nLn3JxmIBfNXB4+dYTMGgiCnvK1irQwJGprywoInPXcYjOxv9410fGINpOdfnVfcEf3q1gZDXBcyZkx2yp9FfXs1k6nW8v6+G0KFH9OvD5270HzMnrSczx5TN6oJsbi7rHQHquQZ5eX1eoAljaOXUnHbsVlugrJmZonuKyM/PJ7+094GZFJaHlFOzb8AV5W4u+ICgrZjyyHSeMOaQm1NbcTnR7jvJLOSecv8Ob2m+yjmIiIiIyLmrjywd/5qS0ba7IrZkWm3+h6ViPWXUh7f8nC47StMRERERkXNZaAk0yGb13SGZNnNMmOgpEzZnbkjIw70TV7Dcmg9fn8GL7uPLwgMclgI2F3QHVkxkZ5twBYIoluXLe4Im7jKKg+18bCubG2xnys7GVOFflyasDT2l06K/5jKKK8CUtw57dxaSbyeP9M7sieg3sgRaWB+W5VhN1f2USAtk60ywEmqhhhbEAZx2O1ZbMTaPE/sGBx5zEcX3WHuVSwu9YTRTVHgP1l79eF0bAuvaBI6KfifZhz5uPENuVPt6AlBERERE5KzjcWB3ZVJY1HcQRURERERExpKP6urQiEI1b7rxZ80MxFKAvWAnFTsrYghK+KjY2SvI495JhS+b7viHaW4a4AOyuSzk/O5Djb1Knx3CRyAzxjSXOYCvVxvcZX0GcAand787IwI0vuoafHndGT3hwaje3GUTO4ADwwjigBN7vhd7dxqNGTL7fMovINr+yAf9RERERERkKLxenC4oLIrc5XHkk99nHTMzReXRSrL15sSeZUeJ7iIiIiIiQxUoKxai4ZAP+lj9xb1zJz5LT2aKybKc1ZblgA932WP9BE4izxOhO+vHZGJOyGZL3josfZYhS8NkAjfhbXyHGgc4WYx6jcXtjpJt5PPRQM8V6wlGRRzIoYYomyeYYQRxCKmDBngc5Gf1XtvGRnFNSDm1/Pz+61877WQ57f4/m83h/Xf3WFwTKOMGTntW9FJpZhtmj1NVGkREREREQplt2KJUL/Y6B5+/bjab8QTm62ZbEYWFVmxmc+Qc3VxE+T2ZuFwuXC5ntCm+iIiIyKia9rp/TYiTl0dbp0EmssYmgwIJ44mvguISH6u/WhCydg6ACUvBOjb3Lpk2GA2+qKGPIXV1aOzSXfoOIMUQyJoABh3ECQ2iAP7gTWkm5WEbozFTVF5DlIcC/cGb0Ds9cxHl5UXgtLPB3ncwxma1YXf2iuIE2po9Vuz5ekpQRERERKSb2VpIcUS6jQeHd0PMfWTaiikvtGE292TleMjEFqhz3HuObrZaMZvNmM02ijIJn/eLiIiIjKFpr5cqkHMWOSsDON181WwruRVMJizZy8nLy+7J2xlwTZhQacyNlvDTK7PFXXYr29wDDiqsjcWSDdGyZgar11j8awL1enG9snXOdsPLxAnhMeyROhvF5UX+smu2Ysozrdg32HFG695WSFGpM5jdY7YVc09xoP632UZxuRdvvkMZOSIiIiIiBsm02gLrUtooLCrF6fCA04Wz2ObPwLdZsdmdgYepzFitPUEjj1crVoqIiMjYO9XWGvxz
<h6 blockindex=5>sqlmap无法识别</h6>
<p blockindex=6><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABsAAAACNCAYAAAAJr7/2AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOx9d7wlRZX/91Tf+/KbNzkyQxiGOMDMkAZRARUUFsRdMCAImJZ1Teuuq+uuu+6uq6u/Na2uOayAihgQEFdFQUAGyTkPaQJMnjfzcrjd5/dHV3VX160ON71335v+zufO666ucOpU1amqcyrQjDmrGcwAAcwMgAFmAADDfy/SbsyaPR/TGm2LsfSv34wl+41i99VXYf1dvWCbv/3+A4WXvUq+jIHveQPc5/c0hqY5H4DzqreAyPKNN8G76a3wdrvp8XS+Ec6ZHwIJFXYzvJsvgLcrPSwV9kPx6L+Hc+jJYOHBdUtgT9UP9R8AeMCe38N78H/gbd8ZhrcSr2Ef42dh+Stx+GVr0TH8NJ778vXYscurKAvZ4WDWRe/HoWtGsPWr38ILzzYqnWR0nfwxXPPf52CBA8B9CT9+z4X4z3tGU8M5y96K7//8fTi6kCWVcdz/X2/GO3+0FdZcFlbjH67/Ci5YJGxfq4SH3l/8HU7/97swXkmwzpU47N/PQs/W2/HI5+/A0OQUS+Og2hYb71VHZpXClgRVojUlmGOawaxBthqV15h9EbaaoVAX4TU5SKvwcVlqgiwLEhAOwS25ABgeMwhkH6/VBJ0peofV+MwzGOwBIAEiAWYPBJ6SVS2KpAwkVa68z86RI8dkYxrKICVabX9NZJlqQakGDXlO/n/+n5CPqbqfSQGF/xtDPitb0rKghcuSXdYSMf0z+24ky4KVKpbZdyP4Y4cgAiMfHPkToTGChDEg6y8JyMCW1DhqR6Pjrwcmh0azqZvlFScSMoqBOqN5y7F393YU29eChIAv4whK8etLPPUufN4RAAgALMf1pBxlIUiOM7SGnkSBtMlY3MOyIygbTpAMyLfnmNMb5aYLoiAuKotbjzFCR4R+klliLWoXgYCyzUfLKprhGKm45YGUrAyeATA8ez2PssenUxZWoeDsAeCBFeGBTz9jDAa8uEKYJqAOzP6Lc7B4KTB007V49q7dCbnVecHGe72RFHcFaZcGAM8DhKox/cC4lxqWOk9E66mfRmFON0qlcbilEnh4A3jXM8BIHzzuAHWvAM05EHAEMPN0iFNWgR76KLz1T2l0Zs3j9OYnAJSevQ1PXz0TKy88FAdcfCKG/+cODFRkQckKtvwssMg2q5+470n6I7EYr3/HazC/4Kc//PDV+MH9I9FwsWmy/KX4U4kr/4lx1bNeVRmnTkvm/E1B1CFfFOnk4/1EYfeZq9mmKmovNTOGfb4eVGIFnLYNJ4vcmKJj3moqfGTyNDkQDsAeg4jB7E+mlOKnvuAMz+nQp2WZUg3mVwQif7xI8EJFVt1hUmiqQ8yZaS3IwruksXcDkGX1Q7Xx6jArQVylSKospgaqluKwFTkMt2rkvak1q5QmnYYkP6Y/2yAwy7wlR45phQobndSzBsHMv0bMET0t7E0r1NlqiluVSCAbKHQPjDTNOYgMzGHCn45b8xx6tH5U4RL9AVa5KcgQa2RhFbHvzzPKyBw3mDJTPZpju4gs5fB/sqgzUootrq5Eg9UgpJU+PCZv9cf06FASmrr1O1m+NS9iW2nMt+pB8NDSslm2SX8yQqRkHYEEgZikDUg1NJK6K9LCcVQ2WqDmPEzw44ScC6ncqbag5TiSW+OFSGrHGOCIcAs9humFL5zGQ3M8VjZWU2lxWZCIqz8VspEV7U7MJGPJ84LvehdkJq7b7Qo0OjNYhej785XVfkD2GdOyG1OhWVSLwhGn4oDjesCbb8ezv3kJbmJe9Rk5Ge91xsiD4PVOYFWmOWeAZs+oPO3Rm+DdfyzE0a8Gie3gJ78Ery95FuO0rETrKz4P9LRhbHQM3q4b4D16ObwtLxr1j4HW5aAVl0Ec8nKI4nzQqi+B+K/hPvNChkzuG/yMBL//d3j+sP2w4riTcOCpz+DR3+1oQLdLlp8FtegtzG+Gv/bVF+DCY9p9GeLuxG/+91fY5FLUr3Mgzvng+VjVbtDXdTCWSNP92OYHcNPDO+y7u0Yfx8+++Es8NjQKj2PyOP4gPnPmK/CZ2EwIHHDpN/GzDxyJIvfjt/9wHj7yu4H4PEdQYV1lMn6VBZ9KsHVgQDZdiB5HVr9Z4il3ievN46hM6v1zTHmkFe10MAhVauuZxjKqNpQNzTV3HemVJsv0bapXuzQILqDklfzJiTYhq6T+pSlkstoq7Nqk+F4kGxjM/gSaWAQzLoobt9QFSaqNaV6jzEqQuR6l8CWL/KzW1sfG32qRRmO18r5W+rKGS+Nn3iflaFo0j1ythJJKegfVNevGMFYhGJryNbS+UBPxpQyKzEDJbKE1gXzdcBRRvsb4C77pil5lMFQOrCXLHGzaUGTo59lYlcgWsgmIbv4oCxL/MVvpNUgwm0TXHB+qa6YR7T328X4oTXfSKKRJpjqCBWhgMYiEZsASviyTq/MI8jQH3+Tl08C+Aco3cPvv5Vs+o+QqIxfJF5J1Xi3yDvdpSUOZTE/JVXVin2/EAkAcfKNIWWlCiHTZxUEWScpzClyTq3uYFSMNI0SoiZbWJnnKR0QwajvjSOqASQpKku6RCIOgntx7F683DGuqH2dhvHUUrBPLGiMAMHsoTucdYGIeFpx5OFqwF9tuuBuDpSwzFDaeG8SbwdvgPXibfHFARx8PZ3Z3FWmPgl/4JNwXPpnulQiO0wln9b/AnVOEV+qH9+wn4T1wMzw3Jq3RZ8GP/QO8l94IOvn9oI4e0Kp/g+h9N7xdacfdTXN+2sBD2P1/69B3zBnoOWUtZv/peuzKam9JhU0A6e9pWl01yiLjkyGt0wYQYh7OfPtZWFIAwIyxp36OK/40VB7GWYTjzj0Xb+iJO56Q0LJ0Dc5cav/KwwI3ffanGPVS6AEAIeDYVmA4S/Hq0w9FQQBe3z246Z5hOAUnISIGu57dIJeGjHbJ6QCzC2wuHUacNigLlVk1STmmImwT2GCcRfZhPlmemgY2W2/lNpocZahEsiXLiSxSZDpLGhICnvDAHoO1iRhTZdUyaYIW58cepvIyTAN7chJM/nJDZk+ugMwb36TBqrNJ0SIqL1ns35UWrS2+OBpqRRxtSe4mKs1rNVXdTDdOq5FjH0Yzyc99qEIqAw6r/3xwsNNZHYwFMHGg3G2W8irTigTXWuhaUanazSLbAKSuZ9F0uJ7SAXCoI/e0dz0Qu2H8gT9LRqy2IllOEZ2FpnMus66hMjGbumskK2KU29kpyYhqq58Zrqp4GiMfbEOQxkuiqaALqZ4uJsZo11AwGSF1JAWp4xClESw4qkK5eYHRppJKogxCat7D6hzUmHl7IHuD78YAkiM+pZOvLNXNZv7XqMErGr8tTpMQ3cGiHbXFI3XL/sJAI49lsiCkjEge8ViWQFmC4bOZPgiFYqnkfw4i4/L3el6d02QQBx6N+Ysd8NaHsX19Q86imzIgIhQdAXSeBSzdD+74OPDSF+DddxM8j4BCp9yzPQ6Mj8owQFD7e38C9/Y2OKddBiouh1h9Afjm70fPLc7ho/dxbHv45eg59mAsWD0Du/7YV6eI0zqkLCoiREdRHOcnnoqWI87DxSe2+asYvD24+fvX4nmbcVkJ+GpX+ATh0zw6WPOhn+A7Fy5CrGmLGdR9Gv7fH05Ljsp9Ft9866X42tMZ7ouLpTcr3eV6lviVGOVr7MwBfpyeZp+AbRBhMwrEPefYp5A217FXiyacBNi6hPrr95sGdvlYPrgPXXNMKggoEMAlD8TqSmL2T9Wv68rfrGqB+tcJln19cHoKc7AKMRtNORqCrGxPkpdZ5uGVIOMQPUTcqoZGpKV7oOryWmtVz5vKvglbFQ/G74YCP27iEz95mmaY2HGNUgP5djCl4PQVmwDLXQUU8D/NmFSDREujMhla3SDTUa9ilqh0lWlc/sxqSkBwYpjSc0udcOBXkH8Ljdr9QIC2SyNMM1KttfpO2nvQHEwdtBaOoAVQqHmYUkXAhCD1acLTSxDYqlz17Wd68aZ
<p blockindex=7>注入位置比较刁钻，小朋友说得保留</p>
<pre blockindex=8><code class="hljs language-js">pay<span class=hljs-string>`+/*_*/where+false
</span></code></pre>
<p blockindex=9>字段才可控，</p>
<p blockindex=10>在网上搜了一圈，没有找到基于union的自定义查询，于是下了些功夫，研究了sqlmap的union注入流程</p>
<h5 blockindex=11>union注入流程</h5>
<p blockindex=12>union联合查询，用于合并左右两侧select语句的结果，得要求两侧select的列数相同，两侧select列数不同发生error,那注入就失败;因此 union注入必须得先进行order by的判断确定列数，后续才能拼接子查询测试。</p>
<p blockindex=13><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA5UAAAIuCAYAAAAv0izRAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdbWxc5333+d9IsmjJD6JlSXEsJ2JuNzbFGRTVqk1Y9EGI1RdJejc7lTKjrGLYRIm9sQs0yXa7LYiVZA4lGeCmCLKJ++oGVNDaxLBmLJXIbtssNnaguy3K+K5XRXZmSDsRQsVWEsuOQ8aNZFkPsy9m/pyZi3M4MxfPPJD8fgCC4sx5uM51zhmd//yvh0ihUCioSfPz83WX+fKXv6ynn3666rXHpj8tSSrcLqhws7Tb2wV97I7f1Mndo9q4fmPV8v/28+/r79/6tv7txv+ntyJv67uxf1hyn5lkREmlVUgnyi/mxhSLpZSruUZUqWxWo9GK9fMpZbOjitY9QqBxR44c0V/+5V9WvVbrHpGkTf/5Pn1sx2/q07s+qb3b9+gj9/Zp+53bde/GeyRJv3z/Xb313lv60S9n9f++9W/6vy79g/7rlX/Vtf/0i+ACZJKKJDOSpGgqq2zpos+NxRRLVdwd0errP5OMqLSa3Ptlqe0Czap1jyzlz77/u4oooj29+/XpB/6T7t/4oP/OJ4fUOzSp/pEpTcUnNTg4rhnFNTE3obi77My4BoekiakR9S+8NKjBmRHNTSxaumL7qr29kE1PTze1/O7du5d4N6szx76rHV/4gj6xw33vir77zDO68okTOhRbav2coicOaWGR7BkdOyMdqnxtGb7zne/oD/7gD2q+Nzo6qrGxsbqvSZMa6p1UfG5C/XYuR2Y0ODijkcpzNjmk3vF+TdU691XLT2qod0iTSxW8f6RqOwCw0m3oxE4j6yKKbIwU/yhIL7//iv6n7F/oqUf+Vz2w6QMLy03Pz+j/fuf/0bp7NiiyLlJ3u4l0QYsi5OiosoXRhspVc32gA16+8q96+cq/hrfBRFq1vj6Kjma11O1R954I2C7Qao/e/Vv6ow/+j9q56ZFlbWdmfFCD4zOKT0xIQ4PqnRzR1Nxc8MN+/4imppa1y5bavHmzrl692vCyq8F3vvOdJd8fHS1+yC0OJksmJzUZj2tCkkamNCdJM+MN7Xtmpl8TE3Fn+bgm5uYqFhpfHKACwCrT1qDy/g1b9fOb71S/GJHWbVyn/M1X9WTuv9eB+z6j//jBT2vn5gf13/2HpO666y599cpfa+sd97WzqEDH/FHfH+r/nP27ptb5bz/yRy0qDdCd/of/8NXQthWfmNNEXNLcnCaHejXY20BAEZ8IzkyqHKxWLt+OgGLXrl2t3UH2jI6dyZb+iNXMUmbPHNPCIpKyx7I64yxzpsZrih3SieC0Z01BWUpJ+sd//EdJSwSTJZOTMxoZsbNTkWVs4JzFJyYaLSoArGqRdjZ//d6//1f91U//d71zs3YzvcLtggo3CircvK3C7YIUiWjdhoi2b9qh/+WhL+rjd/9Ws0UFukIzzV+lYqby7y99W6+8dUE/+uWs3nrvLf3y/XclSfduvEfb79yuj9zbp/9m+2/oP+76lH5rx2+2/BiAVmq2+StQz6lTp/TjH/+46rUPf/jDGh4e7lCJAGD1amum8uN3/5Ze+Og327lLYEX62I7f1McIFAHAG8EjALTPuk4XAAAAAACwchFUAgAAAAC8EVQCAAAAALwRVAIAAAAAvLV0oJ4jR460cvPAisc9AgAAgJWuZVOKAAAAAABWP5q/AgAAAAC8EVQCAAAAALwRVAIAAAAAvBFUAgAAAAC8EVQCAAAAALwRVAIAAAAAvIUyT+WmTZvC2EzbbNy4sdNFAACgOT9J1V/mwQaWQVeIRCIqXB6tvyDnFMAKQKYSAAAAAOCNoBIAAAAA4I2gEgAAAADgjaCyG2RvaPPR98o/z9/qdIlWtdnTw9q/f7/2Hz/f0PLnjze+LFaPc88v716cful61X39eDbEwnWB5dwXzd6D3WDhfHbZ5/Psy9MafuZtzbZi4/zf1Dazf/uKhv/2aqeLAQDeQhmop5vMXTincxfmpI98Qn/yiY90ujiNid2hqyfvkFTQ01+/rqdbvb8rN7X36ze1+3N36huxVu+se/X17ep0EbBaZW9o70vSkS/eqSM7Ol2Y7rUS78HdO7rnu1gLKLXzrtbsYAX/35S7/GeKvfG6tPXPVfjob3ttI/ODzyr5TvnvxEdfUHprkxt55yuK/OBfKl74kFK//lWNOuMbXnrjqmZffkXD2qtTf7zZq7wA0EmrJ6icu6Bz5y5Iez6hPb3f1YVOlwddq++JU3rxiU6XAqvZuewtaccGHSCgrGkl3oO7H+vR1cc6XYoKl3+sE8+8LWmbnhr/sPo6XZ5ucS2t2PfT0kN/rtSmryjluZnMDz6rpP5chY+XAtJ3vqLIDz6rZLOB5dY/V+Hj5T9zl/9Mse//mfTrX61abN8Xfk9PPfOPOn7uFR3f+Xt66mOeBQeADumer1yX5Uf67rkf6SMH/kQH9tzX6cIAgLQjot2dLgNWqas6/cwlzWqznhzfrX2dLk7X+Bclv/8vSvz6C8rufGhZW0p89IXqDOfWpFKbpMzP/yV4pQZEdyaV0OvKXVv83r4vFM/l+WemtXIahgNA0SrJVH5En/iTDjV1zd5w+pms1zdO3qEDSy0Tu0NXP7d++fsK2M655yv7b0V05Is9OrKj2Cdo70uFheWmn39P5UY2NcodaFanh4f17K6n9OJT5ceZ88f367iqX9P5406/qX166sWnqh+C3GX21djG6T6dOrVLp/cfX/jPdt9TL+qpZp6m6u0nsMxSc09tpaZiO6rPz7nn39Pjcs5ZGNdP9oY2vxTRK1+M6OmjN3Su9PKBppqQFct8Ltajb+j98nWyY4Ne+eKGquDIvY5qXoc+x1WxTM26qtx/dv1CueqWp9H6WVQeSa1oHt5geZY8LtvGYwXtfb6YFX3lc9LjX7+p6abu5aLZ08Mafna2/EKte2Op+8Lu0SdmNXz8vNT3pE4dk04MP6vZynu+7j1Y/Gw5v++UjulEuUx9T+rUqSeayMY1cg82eM03+Lm79HXY+P3VkJcv6dnLkj62S0/sDFhmTf7f9NtKf9yvqWvbXHtdeUkDNd/cpicObNb5c2/r9N9e1T6awQJYQVZJUNkhV25q7/O3ln54z97Q5uelb5y8s/Sf4i09frT4WlP/eTe0neJr53Zs0Csn7UGloKdfuiU9tr7cfKtdfSpnT2v4+Pmlg7/zx7X/uPTUiy+Wnk/P6/j+49p/3HnYnH1Ww/uLgeSL+0oPwceP67wboC5l31N68UVpISgOLM8lPXnqRT3RZy/t1/FG99GMMK+fKze192gxMLkaKz2kPX9D55oMLqZfuq69C9dP8UF47/ORqmDmcW3U1ZOR0hrF8ux9aZ1eeSzS+HE1tExB09KiB+7pK4WFLGDxYXRdxUOnZ/1kb2jz87er+kAWA5AmLHqIv6HNR28U/+kGD3XK09BxXbmpvS8Vt/v412/p8efX6cgXN+jpr9/UuewdOtDovX3+uE7omF58sc9e0PH9xzV8+pROlW+C+vfF7LMaPv2kTp3q04nh8zpxYpeeOPWkTg8/q/PnpX371Ng9KGn22WEN73tKL764b6E8J07/frk8IZp+6br2xu7Q1ZPrZfX8+Evry9dzA/0KG70O6+6rQee/97Ykad/Ht9VegP+bWuAN5a5J0fuXlwHNvJFWblNSZ7ZKmRrv931su/rOXdLsG1clEVQCWDlWSfPXDrlS0LQi2h3Yb6r4n+buxzZUPNiv15HHIlL29kKGor7GtjP90k2d03p9o+qb74iOPObxzXMYLs1qVn0KHotjVqdPn1ffk09UBIb79MSTfdL584ua/1QGp32/v099uqRLs2EW2MpzTC14dl0s5Oun8gFyd2y9duu2pq80Waaq4CeiAzFnX7E7nAfg9ToQk6av3G7iuOovs3tHxT6u3NTeo9f19BVJKmj6ig2WcktPv1TQgc/dUVU/3/jceil7s7R8WXD9WD1vXN6gOrE7dPXknbp6srSfir+v1shGBZen8eM68Fj5AV2xDTrg0+
<p blockindex=14><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAvYAAAGDCAYAAABA5lTPAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeXwU9f348dfs7J3NSQ7IAQEEQVFBsH7bWqNi7WG1LT/vKlhRa229atW2oFU8WutVtR61Ygu1laKlt9UqaHpIPapWoSigBJIQcu+RvXdmfn/M7uZONhAIWd/Px4OHZneOz8zO7L4/n3l/Ph/F6/UaDOFHP/oRt99++1CLCPGRsWzZMq6//vper8k9IkS3ge4RIYQQB4ZlrAsghBBCCCGE2HcS2AshhBBCCJEFJLAXQgghhBAiC1gzWWjZsmX7uxxCjGtyjwghhBBirCnDdZ4VQgghhBBCHPwkFUcIIYQQQogsIIG9EEIIIYQQWUACeyGEEEIIIbKABPZCCCGEEEJkAQnshRBCCCGEyAIS2AshhBBCCJEFeo1j73K5xqoce8Vut491EYQQQgghhDgoSIu9EEIIIYQQWUACeyGEEEIIIbKABPZCCCGEEEJkAQnsR9OmOO7lke5/a7SxLlFWq1u9lIULF7JwRW1Gy9euyHxZkT3Wrdm3e3HLhmiv+/r8TaNYuIPAvtwXI70HDwbpz/Ng+36uXcHChSvYL2dSfpvGmVpWLFzIOLqtxEHkoA3svW+t44knnuCJl3aMdVEyN8dG6DYnodscLCs9APtrSTA/CwONkaqunjLWRRDZalOc+Rtg2ZXO5L3t5Mk5Y12og894vAdnlx5EP391q1m6opbqJYup2R/bH8e/TZsbr0F59QyUbRv3ehtPbzvD3Eby31kde7GRjnt6bUN59RpuCe91kfps8x6e7vVGDYuXVFO7QoJ7MXLW4Rc5wLxvsW7dWzDvROYVvMRbY10ecdCqXryS9YvHuhQim63bpEGplUUHIhgah8bjPTj7JAehk8a6FD3VsmLpKupqbmL94uqxLszBI7yWOe+shcprudl1Dzfv5Wae3nYGZ3EtxrEfN1/ouAdl2xmcNeMZ1haNYENF12Ic2/3n5sZrmPPONXDkfXx/rwYUrOeWhsErK9WLV7KSpSxdsYLa9TftnwqfyEoHUZMFwA5eWreDqYsuYtG8wrEujBBCQKnC7LEug8hadatXU0sNN90koVu3jZz1zkbOPPIZNlVU7tOWzpzxDMaMj3e/UHQWN7vg6fa9fwIAcHjFWZxJPZv3stV+c+O93Bz+OGt7lq2P6sWLqaGWFdJsL0bgIGuxn8qJF00dm11vivfJO1R58jYbi4ZaZo6N0Dnqvu9rkO2sW9PzUabCsivNx6hbNkSZv8FIL7dlTQT3UOUeVB2rly5l1ZSbWN/jR6V2xUJW0Ps1alf0yaOt4aa+rQh9l6kZYBurq1m5cgqre+SS1ty0nhH9pg23n0HLDCNr9jC4/YEot5f2/nzWrYlwPn0+s9G4fjbFcW9Q+M+VCrcvj7Mu+fKic0aS/mGWed0cB08S675OSq3850prrwC173U04HW4N8fVY5kBz1XP/W9S0+UatjyZnp9+5QH2R/pMhuUZ8rhS2zjJYP4a8+nAf86B8x9IsGVE97KpbvVSlq6q635hoHtjqPsidY8urmPpilqoXsLKG+HWpauo63nPD3sPmt8ttTUruZFbu8tUvYSVKxdTnfERZXIPZnjNZ/i9O/R1mPn9lZlaVq+qo3rJjYN/NX0kf5s+ztpjBw94Dwrhev4HHLZXK2/kloZ6Dq/8Fmeydojlkik5q2qppUZa7UVGDrLAfoy0JJi/Rhs6gNoUx70GnrzNmfxi0jh/ufnaiL5AM9qO+dq6Uiv/uS31Y2Fw+wYNTlK7HyW3JJj/QILZIwr89kIy/3PIALx2BQtXwE3r1ye/fGpZsXAFC1f0+cGvW8XShWYwv74mGYiM9FFjzU2sXw/pismg5dnJkpXrST3dNiss+8FoXj8tCeYvN4PD0JzkD+WaOOtGGOBt2RBlfvr6MYOR+WuUXgHl+dgJ3aYk1zDLM3+Dhf+cpGR+XBktY7AF+gU9W1qMdGu4GRBYevzw7+X52RTHvUZn2ZXOdC6xGQSOQL9AKo57edz8374B3DDlyei4WhLM32Bu9/wHNM5fY2HZlVZufyDBuk02FmV6b9eu4FZuZP366tQLrFi4gqWrV7Ky+yYY/r6oW8XS1UtYubKaW5fWcuutU1i8cgmrl66ithZqasjsHgTqVi1lac1NrF9fky7PrauP7y7PKNqyIcr8OTZCt6mkzvP5G9Tu63mOjdBtNtKVhcG2kcF1OOy+MlVbSy3VLDm+euD35bdpP2hgcxgOn7BvTwKebljLZtdZ/GYk6Typdbfdw9Ous9hUUQXD5PtXH19D9aoe954QwzjIUnHGSIvBFhRmD5pHa35xzT7J2iO4Ull2kgKb9HRL3fAy286WDQnWofJkrxYghWUn7UULzGjYWUcd1QzeP66O1av7dvwyWxrMH67eelYQqo+voZqd7KwbzQKnynMj+yF+6G+Ur5+eP+Kz56jMRmdLywjL1CsAVVg0p8++5tj6BCEqi+bAlhZ9BMc1/DKzS3vsoyXB/OVRbm8BMNjSkurAqHH7BoNF59h6nZ8nz1FhUyK5fLfBz0/qPNv3rYNguqNhcj89/g4N0Co7eHkyP65FJ3UHScyxsmhv0n9qbuoTMNdQUwN1dTuTf2d+X9QsTrWq10HNYmqqp7BX3WOrl7AyXbHvW55RVmrlP+kAdIDreVgjuA73eV+mup07gSlMqR5kAfltGnVPb7uHp6nizKKqka/cowPtWR1V3DzjLA4f6TbCa7mlA86szHDd6uOpqYado/sjKbKYtNgDzLGyrDTK7Q9EuL3HY8Vu5g/1lg1R3Bv2ZUeZbWdLiwFzLCNqod2vahazpHopq5YuZBXVLFm5sk9gsJO6OqirW8rCfk13fcOBmt6tDtWLWTnave/q/k5tHUw5UB3RRvX6UXu30CZbxkasT2BoBtDJgLNnS3bfUSt67nvY4xp+mdmllnSLPZs0tmCwbpPBsp6dFzfprEPpv+1ShdnJCgDp94Y4Py0a61r6VCb2uyHKk8lxAfQJ3Pal/AOOopG63zK+L3pX4qdMqQb2MhifMmUEaTf7aF/7QozkOhzNfhfV1YNXmuS3aVQ9vc0cEefwym/tXYfXnh1ow2uZ884ZPF15n9nynpF6btm2ls1F17JphC39ZoW4emQriY8kCewBM0fQybLUI9pBvkRHlus8uKG30zeQORhUs3jlehanHrsPEuCPOFc+axzY62c0mEF975zX/ikrmRzXMMuUKsxGM6/pFlh2jpV1GzS2nKQkW+wPZBCe3cygvnffl/2WfiZGT10dg4ds8ts0WjY3XpMM6kcSiA/BdRbfL1rLWe0b2VxRlVnre8dabg5XcfMQHWYHMx6HlBVjQ1JxelGS41U7WFaazBsEwMLs0uTQd/skk+0kW+9G9Bh1NNWxc9DGOTPAX79+JUuq61i1OtU0OIXqaqitPUh67ifTBno/uqxldIpnDJEWs7+vn71npglYki3DGus2MYKWt8GOK4Nl0i2bGutaVBbNUVmE2bKevtb7tWAntRhs6dsiPpRUvn5Lj46PqWMdC6N1XBlJXt81Q3Sw26/3xYE01D24Dw7o52WqnjIFMkpFlN+mfdJxD3Ma6qHo2tEJ6veSORJPPTe/02M8/G0bgY2cNeB49nQ/aRs0X0uI3iSwH5DeI/8XunOU4/s44UZm2zHzbTXO79WBb4CAKhnI7P2XejXH11T3yINPtsjXDbeemXrT3YKQ2s6Kg2QyjWQub+3fqQNSnfYGK1rtioUsXLiQpavr+rzTNzc92Wo2bFCxv66fTMo8gJYE528weuTPJgP8VIoMg6Tl9NP3uDJZxsLsUoN1axJsmaMyG4VFc+D2NQm2pMpRamXZHFi3Jt4jYDCv/945v8NJ5jpv0pLHlezol/H6o2zUjisTZuWanTuT1/xAaTkjuy8ODnt7D+6FA/p5JdXUUEMdtX+vy3CFj8pv08gM+X3YcY8ZPBdd23vYy5FuZ4DtnjVIrvxg2zlzxjMYx/b5N+PjmKMAPY
所以，站点union注入失败的原因在于order by测试没命中</p>
<p blockindex=15><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA24AAAKqCAYAAABCXw1xAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9MYwbSZLv/e/ZfSsK0IfWtFNvcIA6MVy0deDsLSDrnHRIAXfOQtYYbSSwTkvWAY0e6xlpPEuNBtb5Vu0skEYbYwlzxjtgSCdxazxDhzsNMZbeUsge4DRfGddqArcQ9W539RmZVZVVrCIri8VuthQ/gDNqMisrKjJZlcGIjNi6c+fOe6CLB48foAsAk2/x228nKGcH97/8Evd3AFw8x9dfP8dFRctwasiwcx9ffnkfOwCAC0wmE1z84QKTNxNcrCSId+5F15U7fwXJ8d0HePyg6976Gl8/XyDggrbdB49hP7rA86+/xsV99/fFc3z99QTdZDwm3+K33yK9jovnX+P5zpe123496da/tsp5UPJ+5bWVjHcr+q07l5dRY64HjNui4Z+nmx+bsmtLZArRWVUfS6TZuf8lvrQTB9/+9lvMaTRYD/VkSI+tM39DFBwkb8Bcz2st+7xyHhbnKlqYuwFzx5N1p/spujs/d//PZtPk298iFaPR/XfJ9zHkPhmCL2vuvN64JPPZa3vx/Gt8fXE/lSmldIyXzOOQeYamMtRWyPL7Wei9JHg+1Fw/rO05n1D/GbH03teIOnoIuO+s6xkQ3G8Trmvd18YaZtFzfl1r5Zr36rXKUOi7bNwazZ11PYda1sO61g8BOvvpKvJfOckCrnsf97ufotu9j24XuJ9+1sLEfHNRq4+L599iOHlT9kmLX47rIejaauprrTJ8NLzBxQXQrfhmB+tsTWMXxCbIUJfWZZ3gDxOg2wXQvY/7998gWapP/tDOEjGjfO7sdB9g8KCbPgQvLt5gMgG6ZZPsKu6/m8DkOZ5fdJ1x1w47O58CqXZ2sPNp8okdl7mn9RpkCKHWvWRd8+FjmWd1CbjvrOsZcK3P43XPhxvyDAq6V28QdebOR/EcavF7fLMMN+xgB8Cbybf4+rl7p/sAXz7oAjv3Mbg/ae8X22WS7AAX3rl2ul0kz+KLiws3SN0S67nE0vba5h/wPm9a+rVxOUuvLYQqPezspH02kqFhv61yBeOW7/dTpD9CldwEWh23EDZs/i5lg+SdPH+Oi+597GAH99NVujXoVmX53OnifvKwnDzH1996npTuTum9q/X7b8h9MqznFbjAZHKB+zsrLogmf8AEXWuMf7qDHUzcNXhjcXGBssdzazI0pN69ZF3P4815zt801vUMuLZniz3b9c6HjXhehN6rN4flc2cDnkMhXMm6b7HOPgnr7gIX5U+ZK6H74Et8+eWX+HKQuRMvrvLXkosJJmnk0f3s19Cd+xg8eIAHDx7gwc8/nWu7c3/gte1mv3onslf1232AB9lP8C2FaVQQcm1B/WYLk53791OPQvd+iUs4SL8B/Taixly/inHz+vWv8yIRbl3jFsImzN8QNkleX5bkrefP2zn3srmT+5EjuY/u4P6g/Du0lvtvyH2yYb/5Mfb+vWCM2xkDzwDfuY/77oJyYzGZVF5ba/PA9tb8flZxLwmfD/XWD9f+nF87La+j1vbs3oBnCzZgPjR6XrQ8xoH36rXIEELI3Fn7c+iKvm+rrh8CdBbscZsksT079/Hll11cYMf+erjSfqL6577odrGzcx9fPu5iMnmDT7uZe3VSXAG1zgWef/0tdh4/QBc7uP/lY3QvLrCT/XyK588n2b+Hz9H90v2aPtd2gm+/9dt+i50v/X7h/Sr7HF+vWbdh1xaCvU4bE9zFg8ePURYZFC5DSL/NWD7Xr2LcrOdhxw8buHiOYfprzLrGLYRNmL8hbJK8Rc9Km/ex8mtL587FBJOL+/az7gM8/tJvOM967r8h98nAfp9PcP9BF6V6WPq9mOD58wt0V4xVnHz7LSZuD0/3wZd4nBPR/x6vT4a0tzr3s4B7SZP5UGf9cP3P+fXT7jpqXc+ATXi2bMJ8aPa8aHWMA+/Va5EhTOD6c+cKnkOtf9/Wsn6or7Of/OxnP5PAFnZ2bmP25g3eXEwwef22uu831iq8vXPbvfEWb1+/xvd/mOD1mwXHLaWGDG8m+H5yAdzewm3cxu3bt4G3b/H69fd4Phzi+8bf34DrxxtMnk9wgdtIVPD27Vu8/v6fMfzH32PiH/r2Nb6vbPscr/1u3xb7fYu3b1/j+38e4ve/z36V3drZwe3ZG7x5/e94/XoG3L6NrVki9yy9jtf//hqvcbt+2zdvA67N6j7r6+38+6//Ha9fv8FbAHgzwXM7aXAbb4G3ds68fvMGb+Z0HqDfoH4bUGeu1xy3MHbw8/s/tzeiiwtcvAXsVH+Lt6//Gf/4j98X+g3QWdBct9y+fRu3t2Z48+YCk8lrlB4RpId6MgTN9dB7T215A+f60uNKRJndRvev/wq3AeDie/z+eYWOa+Hp9s0bvAFwG2+z+TD0585bvP4+08FbwOrg+wlez2aYvbE/U77xvsfh998aYx1ynwwhvT9sWd36evj977NfN2/fxu3bW3Nz6e3sLeDeLx9j79pKPweK3823b+08e/398/xYNJYhTB/Ln91h99/g+VBHhrU95xPq3wNr3fuasFQPofeddT0DQvptwnWt+wL12+Q53+paOfBevRYZfOo83+rOnSt4DrWth7WtH+rpbMtmlSQIYnOoygxIfJB42aTmM4MRBEEQBEFYblhyEoIgiA+DLNV4QjtJSQiCIAiC+DAhw40gNo43uJjYFfzGZGIkWudi8hzfeuP7ZkGiCoIgCIIgiK2vvvqKQiUJgiAIgiAIgiA2mMByAARBEARBEARBEMRVQ4YbQRAEQRAEQRDEhkOGG0EQBEEQBEEQxIZDhhtBEARBEARBEMSGQ4YbQRAEQRAEQRDEhkOGG0EQBEEQBEEQxIZDhhtBEARBEARBEMSGQ4YbQRAEQRAEQRDEhkOGG0EQBEEQBEEQxIZDhhtBEARBEARBEMSGQ4YbQRAEQRAEQRDEhkOGG0EQBEEQBEEQxIZDhhtBEARBEARBEMSGQ4YbQRAEQRAEQRDEhkOGG0EQBEEQBEEQxIZDhhtBEARBEARBEMSGQ4YbQRAEQRAEQRDEhkOGG0EQBEEQBEEQxIZDhhtBEARBEARBEMSG89M6jX7729+uWw6CIAiCIAiCIG4wjx8/vm4RPmis4XbxHN8OJ3hT/PTTLgYP7l+5UB8fHFIJsOLbRkNKBdPGKZiAlHy957hSrkBnBEEQBACAcQ4GA63NdYvSAAbOGXBj5ScIgrCkHrc3Fxe4wA669+/j5zvJu59ip/w4olUMlFKpEcK4gOBsQftmMMbsg1cpZM8uc0ONnKvRGUEQxMcOlxqSA4CG5BL6esUJh3MIaX/o05JD6muWhyAIoiFzoZI73S66FdZap/cIUf8A25H3ZjzE+dkRpnGhcTRA1D9A1Oumb83iIeKytkF0Ee0f5/sdH+GHsyFmuXP30VnYzytcjp42kiVID3XkhYHRmQHFmIAIF6s2Rmss/tFxC//tf2xhCwB+fI//+t17vPc//mwL/+3X7nO8x3/9z+zzn/76E3zymX+c11cl7/GX373Hn34s9P8ZnAzA+zk5rlZnNwOWLk5gFKQy1yvOEphQUIIBMFBCoFpcBi4lBGNgDLBj/yF5Vq9p3HwvvFEQ6WqWQUgJ+zuIgRISOuex15Ai0b3XttTb7XnGF3nDGYeUwv24BMAYmGL7xjIQK8GlM9rcXADCxiJknuXmi9+2VLD6bbWCkAxacnCpIBbebzYQLqElx401nBdR69rsXPF/nDVaQkq9wd91/7uwbC7fLOo/u4l1UD85Se8Ye/uJsTLBdDyxhkc0wO7hM0S+EYMBdg+dsRJPMB1bI6VT2jaEAXafPEuNoFk8AQB0esfY2x947broRF3cKnv1BtjuDbDdW2bYVRCqh1rybiCfwRpOn5V/vJV+voWf/nLJcUv6yp93Cz/7H1v4xBlt7390x/9yCz/7f7euNpsOY3Yhya7ypKvIwMA4B+cc/FqFDsXAmKrPGIRSkNzpwBjY6xRQWoJfjYB
<p blockindex=16>sqlmap测试union注入的文件在data\xml\payloads\union_query.xml 根据发包提示信息和order by相关的是"Generic UNION query"模板</p>
<p blockindex=17><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA7cAAAGkCAYAAADqudIfAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdX2xT9/3/8adN4PtTlq6rRt2mgLKpfNdM6IedlIoFpMWRBpSkIl+tvRtS4KJ2kptGXP0Uelms7xVKb0KcXhBL7V2/01KV0IRJNZUKq0YTm32RYGNaI6Awl2nf33dZ9Psmwf5dnGPn2D52bMfBPsnrIUUtx+fPx8fHyXmf9/vz+bhaf/pyijJ4e/vpaAYefsXY5JyxcE8XJ3teoYlHXA9PEk8Zu9ztP8kbrXD70kdE76XAtQf/r3po5Q6ffhTlfqqsQ4uIiIiIiIjYcpUb3EI6aG3KXrhgH7DmrWsNimuspaWF+fn5WjdDRERERERE1qmi4FZERERERESknrhr3YBaamlpqXUTREREREREpAq2dHCrkmQREREREZHNYUsHt8rcioiIiIiIbA5bOrhV5lZERERERGRz2NLBrTK3IiIiIiIim8OWDm6VuRUREREREdkctnRwq8ytiIiIiIjI5rClg1tlbkVERERERDaHLR3cKnMrIiIiIiKyOTRUtJWrjd7gQZqtyx5+xdjknO3qu/0neaO1CXjE9fAk8VSqosNW26bN3Lr2Elnah49beLff3TrHFhERERGRLav84NYMbJ+5fYmx6L2sZf0nf8CnH0W5nw5eff9G/89eZOH2V9xeOEhrUxVbXgUtLS2bN8AVERERERHZQsouS97duY9mHvGHq/dXF6bm+Pr2AjTtYu9uc9meLk7+DK6Hw3x49XGVmltdTg9sAxNzxKZD+F2uWjelPK4uQtNzzJzrqnVLRERERERkkyg7c/vDZ43063O7gXtFVrz3OR+Omf9fp7GXYzO3ri5Cn52n2wPxC2eJmpny4HIvg1kr7iO+vM/y73ne2RHPrI/LQ2ipgx7LGgn3dY5sS+Qf88lh4smdlgWPGd1xjXAlx059zsyNBN3d54kduMzQ66vvQUREREREpBJlB7fx+Ud0NL9Ia7uP6D2zj62rjVdbm2DhDnfvF9++njgysO0MMTNyHA8JpoZeZ/jqalAY3j5JGIr3e02vnlnHGnT6uLLSQTyZvZ3/yRHeTzYSc39C3zZzBykfV5ZeJmyuV9axgejZY/hmjPcyMruL0fZTjCvAFRERERGRCpU/WnLsN1x/CDQfpL+3DVx78P/qIM0scPuqpb+tAzhutORAhNjIcTyJywy1Zwe25fKv/BgfjxnNyuTGOOdeBF4gaCl1fiXZCDzmmvVRiCvGkfUOGHV1mKPtY8TZz+DsLJFAnab4RURERESk7lU0FVB8coyx3z0yAtxgD61Nj7ge/ojoPecEtuCszG1gYo7YwH6Ij+E7Nry+Ml6Xh6PJRuCvmbLitCiLwE4Orawuu+M2lg0uHcoKeqsiFaavrY3ROHgHZtUPV0REREREKlLxaMnNPOJ6OEw8lTKm+gkG6SgyHVA9ckyf284Qb3mrucPvswvI7xdrL7rtCl6MPreDSyfMvrXZfW6rxdN9isC7UZUoi4iIiIhIWcoObr0n0oHt6ny196Mf8ikneaP1IL2+GJMxZwQmjghswSjfbRs2ypIH+olNt6xzEKb/5gGUNxftti/xbjP//0k60P0FLQ2/Zdi1niyydXCsdvrGnXHtiIiIiIhIfSmvLNm1h+ee2aCW1IDj+tyO9+EbukzCc5yR2c8IdVZYIpxKYIT1L1RWZrztS7zux0Aju5KVNQEwBseaPU+35yaj7QpsRURERESkcuUFt6l7/P0fAC/SccK3unxPF/7WJuAR38Sr2byN5ZjMrdXVYY62n2Eq4aF7pMAgTKm7XAPgx4RS9sFruGGeBDsZXPIWnyfX5SG0fCRvP8HkTvIGmSrx2EDO4FgaKVlERERERNbH1frTl8uOKnb7T/JGa1P2woU7fPqRZbRk1x78v+ohd7WC69eAY/rcFhCYmGOwufA8sflzz649z639eunpfYqsU86xzVLkAzfOcPTs56W+XRERERERkYIqCm5FRERERERE6klFUwFtFo7rcysiIiIiIiK2tnRw6+SSZBEREREREVm1pYNbZW5FREREREQ2hy0d3CpzKyIiIiIisjls6eBWmVsREREREZHNYUsHt8rcioiIiIiIbA5bOrh1QubWCW0UERERERGpNc1zKyIiIiIiIo6nzG2dc0IbRUSeqkCE2HQIv8tV65ZUxH9umplzXbVuhoiIyKbTUOsG1JIT+tw6oY1PxZPDxJM7gceM7rhGOFVhwYFrL5Glffgsi2LuT+jbpgKGigUixAb2AzcZbT/FeKWfjUgpzOstMTVB1InXmquLowc8eDznmeEMR89+XusWiZO4gkRm+/FaFsUvtNM37sDvwnqlz0V8DN+pcOX70f2FyKZSWebW1UZvfz/91p/eNpv19uA/WcJ6NeKErKgT2lgRl4fQci/xZV/1si8pH1eWe7nyxFNknbv0bZ/Eu30Sr/txdY5brs4QM3NzxCw/yuKUzn9umtjcNKHO/OsmMDFHbC5CwOWynOf8dY19mOtl/j1n/2OTITSOY/mZCGY3pIxjSxlcQSID+yE+lh8UBiLm55F/bgMTls/R/Gxsv3PmPiIBc3tXF6Fp+2sgb9MJ+2PnSX3O8LE2RuPg6f4/ttdx3XAFiVTzd1Tu+X3KVr/nRT4ny3uOFfgO11QqTF9bG762NnwXbta6NbX19iG8JJi6OJ69fCPuL1x7iSz3El/eW3ideri/EJEKgltXG73Bgzxz+xJjY2PGT/grHjYfpP9kF7vTv0hce/D/qofd9y3r/e4RNB+smwDXCVlRJ7Txqdj2pfEHY/uXlT9VrQOBiTliI8dh6oxxc2L+hPg/NbvhW7fxPvN99NVp1tZD9+lA0TWiZ49lPovROBhZ6HZj2bHh1QyhGewMNl9mKP16+xhxb3+BAGjtY0vpAhf78XKT0dPjRdbaz1vv+Z9Wkyo2fnqMOB66h8/VX3l1OqifPcSXmyGAMoPqYX7NVKLIep0hZtKZQPP3wdAUdI/MOvf382bl6iL05n6I/5rhq+v8u7NJ7i9ExFB2cLu7cx/NPOIPV++vLkzN8fXtBWjaxd7d6WX3iH44xofRe6vrxX7D9YdA8z78e2r/h8IJWVEntLGoQKT+nnxXW2eImRLeo//cNINeo4QsN+sUPXtsa5aVPQXx+E3w/rIq16D/vf9Dt+cmo6+fXQ14U2H6hi6T8BxnOCeoquaxt7zOEG95ITE1UeQhSoJ4PIGn+1T9Z8ZTYfou3ATPcU6/XevGZAtcPM+BG2eMB1a1bsx6dYaYGYDR9naOvvvHoqsGTh/Hk7jMkOXhSfTdf2cqAd436/AhxCaVVWlRyM+PcMAD8WuOv0KLK/H+QkRWld3n9ofPNgHw3G7gXvF17fzt/y5Ac/nbbQQnZEWd0MZC/OemGen2QHws82TV/+QI7ycbLWu18P6SNYDP7vOSv/487+yIWzJpHkJLHfRYD5zsIJ60LriFd/vdit5DcLmXwawlNvv64go3EsfpHpnlwFSBPnSuIKe7PZC4zMUPSjt2YGKOwayOVTn9ilxdhD47T/fDMXwXW5gZOU66IDth145S+mp1hpgZOc7DC+30MWH2pbXfZ+bzzaxwmSFr0Jf3hiJZ+3tqfXSvXSPu7efAUT9cXUf/xvRnGP91fpvT18CBI/hdUaLVPrZF3nUBQIKpodeN71n6uiDn8yjUP62K14XRNktb8tpt/1pJ7/v0cTzcZPTdaNH1Hlz7mmbvcQ6/DeP1ft/7wTXiA/vxHgrA+Dr6DFbZ+Km26gW1NteXd2CW2MDqv/N+X9lsY/s7rRRXhzmaLhYrFh+4ghz2QmLqSs7vsJ+wywPwKkd/DtGr5Teh5H6y5vfMs9Z6pTB/3+Zub/zeJvM99J+bZuTA1wyFYHjkOB7zd8k3p2eN3zOW3+vGto8YbZ/gR5+dJ/Pr3+53f/r3kPVPxFqfoWWb+IUif0tYfRARsvw9rfr9BXb3APuIL+8ruk2pqnZ/ISJZys7cxucfAU20tlu6zL
<p blockindex=18>网上转了一圈，参考报错注入和时间注入的修改request和response两处标签，通过正则等方式去匹配命中，发现<strong>无法过编译</strong>， 后续测试，union_query.xml的标签[vector]、[request]、[response]不可控，(修改后测试流程依旧没变化)。</p>
<p blockindex=19>猜测可能和<strong>子语句测试</strong>有关，站在sqlmap的视角，他肯定是无法识别当前子语句注入方式的，比如位置是在where后可控还是order by后可控，或者是逻辑符可控，比如例示列名 (SELECT * FROM users ORDER BY column_name)等，得构造某特定的类型才能识别，自定义类型，跟进到xml/payloads/<strong>boundaries.xml</strong></p>
<h6 blockindex=20>自定义payload</h6>
<p blockindex=21>boundaries文件几处属性是控制自定义字符的，preffix和suffix，把这里的preffix改为站点的自定义字段</p>
<p blockindex=22><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABSYAAAKlCAYAAADW0TKzAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdX1CUZ573/8/dILMhnZis2AbF7czoPmGGJ+kGzc9gakM7NWAES7Zmchar0IOhkROtHOIc/A5Gao8sPCHgHChVyVl+W0tKMMLUpJ2nIkmNQrczTuETTcJIRFvcyZ8O2UHo/h100/R/uoFuuM37VWXtePfV933d993Zqnzyvb6XUfnTHSHli1GtZvcelWcYMvVxr/q9CVPYvk+Hm16QNXrgnkZ6++UL5W+qAAAAAAAAAAqnOK9nD42pv2cs5UeO5jbVlt/TF75Ux8OB5TuJgSUAAAAAAACAx0J+g8l0tu/Ti+VSYPxaXBVkheuwasupjgQAAAAAAAAed5a1uKij5gVZFdDk7cnFg8Z27aywJoWVAAAAAAAAAB4/hQ8mjWo9Xy5p6oY8d2ICyIqdqrBK3341mfarAAAAAAAAAB4PBV/KXVFXpXIFND7qjf9g08ZwFeVDp5rb4jfMSblBDgAAAAAAAADTKmwwaVRrV6VVmvokvloyyqrKJrtGenvVH1nOXeE6rIOvuHX4mQG947lT0OkCAAAAAAAAyI+CLuVOWy0ZFdD4QPzGN5OXL2s8IFkrdqrCMAozUQAAAAAAAAB5VbhgcqFaMvClbqVqI/nwawVk1cZNCcdDd/T3byVZNyrxIwAAAAAAAADmVLBgMlwtKU39xaPJVLtuT36lbyU99UxF/HFju559StLUBLt1AwAAAAAAAI+JwgST0WrJm7rmSzMmNKZr4wFZK+vk2r64ZLuirk6V1kzLvwEAAAAAAACYTUE2v1myWjJi0vOOLuiwDja5VRk9ek8jvf1USwIAAAAAAACPEaPypztI/AAAAAAAAAAUVEF35QYAAAAAAAAAiWASAAAAAAAAwBogmAQAAAAAAABQcASTAAAAAAAAAAqOYBIAAAAAAABAwRFMAgAAAAAAACg4gkkAAAAAAAAABUcwCQAAAAAAAKDgCCYBAAAAAAAAFFxxXs9uVKvZvUflGYZMfdyrfm9IFa7DOlhpTT8wcFMX3vVoMhRa9Wk+tuZflS9YJq/lfbUU8dwAAAAAAACwfuQ3mAyNqb9nLOVHjuY21Zbf0xe+8N8nPe+ox5Ni4PZ9Otz0gjR5i1ASAAAAAAAAeEyszVLu7fv0YrkUGL8m3xJho6PmBVl1T3++PFmgyS2D4Vbf2JiGTu1b65nkLjL3vlZjrWcCAAAAAACAH5D8VkymEQ4bAxq/vUTYGAkwNTWxZIC5Zuo6NdR1QDZdV/dvPHEfuebrdSY4o+6SK9LsIbVHP5nRQPHv1WHE3JNhU+dsrZriznBDjg23ki7pftQccy5JmtDxEp88oZBk7FTfbJWcMZ86g4fkCy7+3W8ZUX2RP/yXUK8+8rWp/diovHt75DzSm9PtAwAAAAAAAMtR+GDSqNbz5ZKmbshzJ3PYWLFjWzjAHPUWZm45cp26pK5Gm+S/qBOvnwwHg0nK1D57SNGQcSGAnNuriZIr6g2FpJBTw4/sssUGkSGnhueq5HtkTRE6JgeRZ2afVHfJFfWGbqll4RxZ9pg8e6RaZ1v75D3WJu8le4Z7AQAAAAAAAFZHwZdyV9RVqTybsNGo1q5Ka1YB5lpoPT+mrkab/INvybm/I2OQ57eMxASOfg1ZZiSVyh6pYnTP2WXThI6X3F78kuFVvWVakl1H58KHXHM/llPT6l4IJSUpdEstxRPyq0xvzG1e/g2dbZHzxEX5bQfUNfqBOutY2g0AAAAAAID8KWwwmUPYmHWAWWiRnoztDsn3do0aTn64xBdm9CfLg7gjnqJhOTYMh5dyGzu1V5Lfcjc53Cy+L6+krdosGTY1BEsl3Q9XWcay3NWfJNmCT6/s3i53qKHmLQ36bWrsGqXvJAAAAAAAAPKmoMHk41At6frtL+VYzRMGrdq6xJBw4Pi0ti15MqtcxuqFiY5fnVrV8wEAAAAAAAALChdMLoSNgS91a4k9b8IBpjQ1sc6qJSV5Tu6Xs7pa3T7JcWx05TtxWwK6m+6zSGjpt3wj6Rt9mfYkC6FlYGW9IQ23+kZPq9Hm1+CJmiWXqAMAAAAAAADLVbBgMho2/sWjyUxhVzTAvKlrvkLNLndnj1TrxKBftsbT8l7qXEFlYThwtAW3Jp8j+KRsC0vBQ35NSJK2yJ00Lhxgei23tWytffKOtsnhv6gTNa+r4zKBJAAAAAAAAPKnMMFkDmFj1gHmOuA5uT9mw5jzal1OOBnyqyOyyc2Z2R0xx50aDpZJ+jzci1JSb2STm/ZZx2KIaexUX2TznHOJe6xHelQ6g46Mwanr1CV5j70k+XqokgQAAAAAAEBBJEZZefG4VUvGudyhhpoJ9Y226Y3funR2yc1wUij6SA6LU8NzVfI9qooe9lreV31RzPMyvKovCahvtkpnZu3Rw37LiBxFfinx0YZuqaVEKcfXF/kj53TraKNNvrdr1HKWQBIAAAAAAACFYVT+dAdpFAAAAAAAAICCKuiu3AAAAAAAAAAgEUwCAAAAAAAAWAMEkwAAAAAAAAAKjmASAAAAAAAAQMERTAIAAAAAAAAoOIJJAAAAAAAAAAVHMAkAAAAAAACg4Agmc2C329d6CgAAAAAAAMBjgWAyBxMTE2s9BQAAAAAAAOCxUFS2+Z//37WehFnY7XZ9/fXXaz2N/DA26sXXdun/qXxac59N6+9rPZ8fgk079PPXfqqqnTb96Kt78n+f5+stvGN7if77b19pJs+XW1WFnnuh3w0AAAAAAD9AxXk9u1GtZvcelWcYMvVxr/q9oejfK1yHdbDSGjMioPGBd+W5E0r+coFRMbnGNu3Qz3dvUWnMoZnJG/rDjcc0LAYAAAAAAHiM5TeYDI2pv2cs5UeO5jbVlt/TF77FY+FQMqCR3nflC4UWjzW5tTEhwFwLdrv98Q8nv/8ffbPWc0jhJ7v36mebwkHkhZggsqxql2rtoxqZWPvgOmcPb+sPl26v9SyQCu8GAAAAAIC8W5sek9v36cVyKTB+LRpAyqjWrkpr/DFJk5dvaEpSud25JlONZfZQ8ie79+rgaztUZhhrPZWclFXt0s82SQ/HR5KqI6dvXDNnKAmsJ5t26Of7d+nFTeb6/w0AAAAAAHPLb8VkGo6aF2RVQOO3JxcPVjyjpyRZN5ZJurMW01qSaSsmjY168d+qZH9Cejj+maZDJgryjK3614ofSd/f16d/y/I79iodrNwYc+Br/XXor/osGoJHnsfMF7rw+RNxy8NTLg2PeX5KN87YqtqG5/XE5A394V5Z/JLzh1/owtW72c8vUdIS9n9o4uqo/vxwJe+xXLX7n9emdPcTc0+bYg4ljiur2qVXKpQ0n3CFa8x9xT6fQEXc/T8cH0kOl1M8c0lSYq/HFHNMet4L8ym9r4//z7TK486b8OxzeTfZ/C7inkfmOa6p/57Wg++3yL67VptpjwAAAAAAKJDCB5NGtZ4vlzR1I75v5OQtTQZeUGV5lVzbvdHPKuqqVC5pasJb8KkmMmUoGQ21ViPMWgP//ISekDTzcDqrQDUclP0oLuz6ye69+llDjZ5MvP9Nz+vgpn9o4upI+Li9Sgcrq1QbiAnKFoKv7+/r46FIqLtph36+u0oHn0gOl0orqnSwIvGcz+vnVd8thj0TN3Qh8lNKCqzS3E/cEnZjq2r/7Scq+z/LDZmf0UsNz+jB1RGNxNz3zxUTSEUCurjrRsaluu9slVZU6aC+1l+HRvRZKBS+v8oavRiIeTeR36zi7jkSAsaezNiq2oZndX9oRCNxweLzOrhbyXN8YoteadiyeE+Rd/uzf/uJvll4ltm+m2x/F9HwMj7gDLcgmFo/1b6hr/XnP17RVNUuvVKxsncMAAAAAEC2Cr6UOxw0BjQ+mhA0hu7Ic/mmArKqsulNubYbkvPfwxvhTH2y5v0lpXDFpKnYq3Rw9xaVfn9fHw8tEUqGvtZ363GbZus/xW12k1GkunJm8kZc4PPZtS/0UD/S5ueeTvhCQl
然后得考虑该字段如何去和union模板里的test组合问题，网上转了一圈，当boundaries的clause和where属性值包含union模板的clause、where两个属性值即会匹配组合</p>
<p blockindex=23>clause取值为1-9，联合查询有关的子查询有 where、order by，取值为1，3<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA+YAAAGmCAYAAADxp55iAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdXWwbZ77n+S9tORIlxrRNqWX50KYid07Y4qqTtoQTyQdOHJ8ZZ09b6AR7sYODGAsssNgEc7E352YuFtgBFtjFYAbYt4u17wa7ydXexFj5nLEH43YnC9O9sBOnfaiVJ7Fi2jyS1RZt06FJK3aae1FVZBVZlIoUX1Ty7wME3S4Vq556r389z/95AvFfHC5heetDPpneT37hPJ9evofDwfc4feoNfrh6lnM3So4/vfnBJ8yM3Cd59hzflJx/66RYLEY6ne7a+kVEREREREQatcPznJnH/AC8uifqnB44yN5XgeV0V4NyQEG5iIiIiIiI+I73wLz0NdcX8oTi73L8YKA8Ofruu8RDeRa+utGO8jUkFot1uwgiIiIiIiIiDQnE/+ZvS59M7687w3JV0/Xo8dPMxkO2ObrfhF1ERERERETErwKOHHOfU465iIiIiIiI+I33puw+oKBcRERERERE/GZbBebKMRcRERERERG/2VaBuWrMRURERERExG+2VWCuGnMRERERERHxm20VmKvGXERERERERPxmWwXmqjEXERERERERv9lWgblqzEVERERERMRvtlVgrhpzERERERER8ZuebheglV7mGvPBxCTTUUhf+4qb2VK3i/NyCBxg5uQoEduk7EKSZFr7X0REREREvKsE5oFf8cHHbzMC5BfO8+nle44Zo8dPMxsP1V9S/hZzn10mU+peUBKLxXwVnBvBdK9tytrWC6yt4DN7h7lrS90uzdZSWiJ5wdwnsQSz8XB3yyMiIiIiIr7UQ+Agxz86RTx0n+TV+4xM73edMXP5U85cdvnDwfc4feoNyHzX1aAc/FVjPjZ1lPHIGulryUogHggzcWycsS/nWezyvhQREREREZHO2PHmb04RzZznzJnP+aaJBbx55A1C3Ofm7zItL1yjfJNjHjnMaAQKme+cteOlHDe/SCko75TAAWbeP8qJhGq6AaPW//0EY4FAt0siIiIiIvJS6fnm3JmmAnIADr7HxAiwnOabLRBM+qbGPNRHP1DwMKtRs55j/qKtFj0QZuJYghgrXP1ykdWqfW/8xvxH0X0eb+u1TYiMMvv+aOXf1ct1ybemTvP32ib8Fpem/JHDnJgapr/J7ajLWi455uefuM5SU87NlME6ZkHbtJp9WOe41ksn8Jrj7rLuQibFpVTOOd/dR2Tjo4yfnGFYufIiIiIiIh2zqc7foof/jBB5Fr660arybIpvcszvPiIbDxOJJjiBS4C0CUOJGYayKeYu5MqB2/QxGg4oF69dYRG85ZgHDjBzci8rF5MkrXXEEszGR5mdwvG7mib85eCy6uODaXD/HvoBgnsY2Qer2YZ2h6tywF0v0C4HslWpBrEEJ8Z3N368AmEmjv0cUknmrGWZHwaaOTb23/fbj4uVCnHX/hHH3L/FFa5eNNcTOcyJqQSzwapjaubMj00dZTw+w4lQa89NERERERFx1/xwaYFfMRkPwXKKy/e2Rs2aL4JyMAKgi3fIAv3RBLPvH2X2ncMMbroJcS9kbcFUaYnkQq4c1LZNaYnkhaom+OkU81mgP1jZrsABhiNAdrkS7JaW+DazBvQx4FLG1fuPjZYFxccsP9x8UcemjjId7aWQSTH3xW33gPhQlFgQsgtVtffpJgPVUo6bX1x3Lit7mz9k1iDYx+7Gl1hudZF9sFy1HudxGBwfMT562IN/a92Rva7N1hevXeFqZs04N1tyXoqIiIiIyHqaDsyj7yYY2UK15eCjHHMwg9krzJkBOsFhpk/ObDIQWuPB/apm2flnFOgltE6H+m3VbOBpyd7m0oUr9YNor8x88vGI0dx7vQB7bCgMxRW+vdv86rxz/yCxofwzCkAkPsNMrM75EggzEumF7KOalgir+WdAmOFD7j9dTV1n7toKheAw0yfHlXcuIiIiItJGzTVlL9eW/37L1JaDj2rM7WxDbhnNvIeZniy2fGiyYGg3YAajbvng1Mk79srLcGGlJVayo0QiI0xElstN2V83m5W3oka8HqPm2INAmIH+NhSgnNNeba255WVvc+li0TiO8Rlm4+ZkR274AKEgEKzqH6BhYUbHd7OoZu0iIiIiIm3RVGBu1JbDcnrr1JaDj3LM61i8fofhk6NEzObfLenozGrynLfVpNvH324BK2e7OrCv6UCuHPT2Epuaody+oQNjpK+mrjOXojv509ZHi6rtNPbbJpZrP47WxxbHtj0lX4RIoYn9a5W51Z3uiYiIiIhIjcYDc6u2PH+L6013594efg7KG7JvkKEgUNx41sFQH5BjpY3NsncHe4Ecd+r0bl5mltu15/B6Wtwr++K1KzxJTDIdTTAbcVlmKcdydo1YtIWdzYX6gDXS3y9vOK+rQ3s3ru0vLZG8iBGcBweAHJRyPC1g5pIvex6Gz/qgsqkWFCIiIiIi4lnDOebl2vJ/uExmi9Wi+SXHfDAx6Tp29tik0bw8m64Ei4sPcjhyges2iXYRS5g12Znmx0YvLbGSBSIjTETWyzO2lTEQZuKdqtpyG6NZvTfVvbK3wkb506vzy2TpJTZV9bdYYhNjnvcytL+y3VYndA7mRwHHttZJEXA9h8wA3t4h3OL3KxQIM35sbOO+C2zHbaM8fBERERERaZ1A/G/+tvTJ9P66MyxfPcu5G9bQS7/ig4/fZiR/i7nPtl5g7ieuY3nXqRV2zmuM9f30tRnG+23zuwbsLuOCN6mmWbq9rC7jZGcXknwbOsJ09JljGLSGxjCH9o1jDuXm38E6NcM121zd5H7dvHrn9lQvq5BJcSkfZTbeV7PdznlzzF/MMHAsQayqSXpN+ertQ7cx1KH2fIslmI3jOmydiIiIiIi0TyD+i8Pb5g3c7znm254ZyNY0kXaMG96aDwkiIiIiIiJ+0fw45luQgvKtbWwojOuQblYutIiIiIiIyEtoWwXmfskxf1k9Ka5RnWsNQOQwoxGg+LitQ6aJiIiIiIhsRduqKbv4QJ28bPUALiIiIiIiL6ttFZgrx1xERERERET8Zls1ZVdQLiIiIiIiIn6zrQJz5ZiLiIiIiIiI32yrwFw15iIiIiIiIuI32yow90ONuR/KKCIiIiIiIp2zrTp/ExEREREREfGbnm4XoJX80Cu7H8roJ4OJSaajkL72FTez3r4xjU0dZTwCZO8wd22po+tumchhTkwN01+esNadcmxRXT023bTVzotAmIljCWKscPXLRVZLL9Gx6ADjXpZj/uI8i9q3IiIivlYJzAO/4oOP32YEyC+c59PL91x/ED1+mtl4yDYlz8L5z7h8r/svBX4IeP1QRks5gHWzyaBWNil7m0sXbgOVIPSlYQafZFJcSuW6XZqt5WU+L0RERER8rIfAQY5/dIp46D7Jq/cZmd5fd2YjKM+TPPsZ35hf56PHTzN76mPCV89y7kZ3g3M/1Eb7oYyWxWtXWIRtV+tV3i4REREREZEtYMebvzlFNHOeM2c+55v15gz8isl4iPzC9XJQDpD5XYplYCT2VrvLuiE/BLx+KKOIiIiIiIh0Ts83586sH5Bbont4FQiFBwH3Zu7d5ofaaD+UsVFGk9lnzF/MMHAsQSxo/qHYRA27VTtfqNNUfp2/O5reV6/b+l2wMn9hg6bQxnb1Viassz3rrrsJjax7Q4EDzJwcxZGVUJ2KYM1TPb1es3GXZWYXkiTTVeVrYr+7b0PtcogmmLU31a6TXuHl2NSkbWwiVaOh68Ftu6rms84Ft/273t825LbuOttdcz7Wy113WyZAsbGiVfN0fGry62vPta7fq7zsc/PaCmZSXLo/6NwmD+dl5Vip3wkRERE/8d75W+Y7Mvk3iI8kOH7wRjmnPPpughFgOX2jTUX0zg8Brx/K2Jww4yfDFDIp5lK58svl9GSxuQCnP8hgIODyojxAKAgUnFOHEjMMZVPMXaiz7lKOm19c4SZUgs16yi/Pa6SvJSsvtrEEJ8Z31wSVG667EQ2ue+PlHWDm5F5WLiZJlir
<p blockindex=24>where取值为1-3，where标签，用来确定整体注入payload的插入位置，比如第一个注入参数，取值为1，第二个注入参数，取值为2，这里就默认为1</p>
<p blockindex=25><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA50AAADhCAYAAABLJNFtAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9+1cbeZblu4UNQkIgQAIBlhGGtJNCRXaVobqNu5094+7BM3NZd83MX3T/ople99I9155b7lmZ1cZViV1ZSYki0wYjLPMwCkAgJMRL94eII4VCEehtFM79WSuXEykUceId39hnn+MY/8VYFjUQCoUQjUZrmUXDsUOMhBBCCCGEEPI54qh10EkIIYQQQgghhFjRUusMQqFQPeJoKHaIkRBCCCGEEEI+R6h0EkIIIYQQQghpGFQ6CSGEEEIIIYQ0DCqdhBBCCCGEEEIaBpVOQgghhBBCCCENg0onIYQQQgghhJCGQaWTEEIIIYQQQkjDoNJJCCGEEEIIIaRhUOkkhBBCCCGEENIwqHQSQgghhBBCCGkYVDoJIYQQQgghhDQMKp2EEEIIIYQQQhoGlU5CCCGEEEIIIQ2DSichhBBCCCGEkIZBpZMQQgghhBBCSMOg0kkIIYQQQgghpGFQ6SSEEEIIIYQQ0jCodBJCCCGEEEIIaRhUOgkhhBBCCCGENAwqnYQQQgghhBBCGgaVTkIIIYQQQgghDYNKJyGEEEIIIYSQhkGlkxBCCCGEEEJIw6DSSQghhBBCCCGkYVDpJIQQQgghhBDSMKh0EkIIIYQQQghpGFQ6P3ccQ5h58hBz00PXHcnPBn94CnNPpjDpc1x3KIQQQgghhFw7N2udQTQarUccDcUOMRbgG8Pj6QDcuo9SsQieRxLXFlIRDi8mH4URwg5efruGeJaCOSGEEEIIIaSYmgedoVCo6Qd1dogxRyiMuXEvUrEI5nWDTH94CjOh11iIcnBHCCGEEEIIsQ81p9faYTBnhxgBqOphyAukd/DD8mHBV/HIKw44PyFqimwYo47POEU2FP7815EQQgghhFw7VDqbig54XADSpaf0h6fwIAhEF19jSckPRkenH2LCl8Dys2WsGVNeDWm7yspCxQNZdblO3ScBPJgN6P42LFvScF26SdIWKbmaymtGUay5+WaKtkGtqNsQSMXe5tZjdPohJtzWqcT6783mBaCC9TbZf6Ew5sbbEV18ja2B+wX7wHrb5D8yTc/e2IcyPoKJ2RkEqjgWCCGEEEIIKYcb/r7e/6uWGSQSTeQztMAOMaocoa3nNvq6PAgOtWFv4wApiynd/UMIdgGJzS181A1Se4Zuo8+dwe7qLvYBwNGJ22PdgMOFcAh48+yP+P3b99hr78e90RH4zmOIVbB5Urtb+Gn1PX5aO4RzqB/d5zt4+a9L+P7te/VzWS6gDX6+ACLf4XdL2vcHbQiGArhjWD9/eAqPRzugrCzg+Svd/FsziC5+h1dbxgF0EL8MedCKm2i7PMS73Uz5K2GFYwgzTyYRcqsDuW/fnOS+6hm6jb6uCxzq10+3nsEv+tGNY8Q29oG+QQS7gLaeEXQfRvB04S1+WruAbzyIe90X+GnzKPfTovVefY/znruYmOyH82A7v2+7+3HP34HuodsItiq5bX7ecxuhYd20jiHMzN7DoH6/HLThzvgdhHsKlw0cIbYq87iNYHudtiMhhBBCCCE6WL22yVhbfIFlBYArgAezM3Wrgup2nRSoZ/Hlt4imAV/fYM3ztiSbwNI3rwpVSGUVP8QygKsdXfKZw4tBnxNI7+DNhu630QQAJzwek3nvxbGbBoAMdrcPTSaoEN8YHs+OwIcElp8Vq36H6cLB2Oj0Q8x9PQa/PjU1ldapmE5A0amL2U3sKAB8Pfl0VscQ7gadSMUiBctbe7UOBU70DXShCGUd89+s5paztlu4jfwTg+o66BVV2eb6ZetYW3yBl7EM3MFw8ToRQgghhBBSI6xe24SsLb7AGiQ104nQ9AxCqDGNVNkvTNfMJnCcAuB2we9wXEP12XZ09AJQqvx5NoGlb15gqQ6R5FKGrdJfAcSTJ8jFvDeEgA8AujHYC8T31LTolHKs+0UZg+HhHviQQbRoumMk04DP54ffcVgQj7K7VThpNIJ5Obxl8K5sFaVWq/F7ERgG1kxOh3jkFea31fTrB7Pt5unZhBBCCCGEVAE9nU2MDD7F8xeansBxvQcDmuIYB8z9l4Cqri1uVjd/k/YvKjrlMJvAlpJBKBjA3eE1xKPIF1VCAjsbRT+uH5raWJLkCVLwaoqiC670DqKpgKZGuuACkE5Wprj6Pe0A5KWCCWV4ewvRPMGuEcw9Gan0xzq8GJnowlozteghhBBCCCG2hUqnHYhGsNz3EBO+GtVBPQ4vOtwA0ifIDZXqqB4CyBfIMQxapQiSni6XOvDzjc9gblz7ML2Dl88a3AM0u4mFp5u5wbGlyreXRhqAy9MFv6cbUN5iC90I+fzwbwNABslkZYtW1cfiYlDVoymkqSpeEsi+ukLtJYQQQgghpBqodH5OOCTtsxy0lNBYvGEDDFXJyyD6buvqCbW4TSusWv6mztVrlVU8f5bGzKxVNVd1QOdCBwZ9wG7kEHEcIBXsxuDACdw4wfFehcvU1NO+gS5AqYOqKCnTvh6MOopTbK3IV+utYPsTQgghhBBSJuzT2Uz4xvDYrJBLKKy23VC2coOr+PYBUvpiM44hzMyOoKwxp8OLyUdq0Zz15SqL8GgpsXAFcHf4qgkLC+KMTj80tFzJ43Z1lL/8Xj/6XMXzr4nsJhaeqoWcfOMzeBzWtTHRBnTu4AhCLm2AuRfHbtqJUNBbqBiXi7KKdQVwB8OYCdWneM/aux2k4MXEo9HSBYEcXkx+rQ44lZUFDjgJIYQQQkhDoNLZTCireB4Zw+PZGYMHMoPo4kJRFdjnK+2YGw9jTktVVVYW8NJzvzB1NbuJHWUEPp/B56esY/6bKn2aGvHIK7zEFB7oU2J1PSbjkVdYdj3ERDAfYyoWwfxKEHPj7QUxLqz0YG7c3Ito2k90L47ddAAhV52q1+pYW3yBw/AUHgSDGF0+zCmGagVbp64ok3hRnYbKtZUtay0UxlzBNlSppo+qqtjGMfkobOifiuLU2eEgQi6Lnq6EEEIIIYTUCcf4L8b4tEmuFyk2ZFKwSFI/qxqAEUIIIYQQQq4d9ukk145/oBtumLQDQXF/TEIIIYQQQoi9oKeTXDtSxdXXN1j4Ra6dSYPbphBCCCGEEEIaRs3ptXbwS9ohxp89Vv08a+kRSgghhBBCCLl26OkkhBBCCCGEENIw6OkkhBBCCCGEENIwqHQSQgghhBBCCGkYVDqbCLvESQghhBBCCCHlQqWTEEIIIYQQQkjDuFnrDOxQGdYOMQL2ibNsQmHMjXuhrCxgIcp3G9fJ6PRDTPgSWH62jLXsFftCqyKMWATPI4lPF+A1oG4TIPW5rKtjCDOzI/DpPzNWf3Z4MfkojJDrM1rvT412XctTxnnVSH5G5yy5BnTXjBzpHbz8dg1x4zFfdG6g+P6vu0598meDXJX8az5n64Tcw1jln9iFmgeddhgk2SFGwB5x+sNTeBA8sbxgF3x/DfE1HLlh8iJvew7TGQDO6w6jPshxafUwSOpHNIJ57VKde+gjnzVlv7T73MgNOMtYd23A2dQvs/bSSAPFrdkaDV8MEQKASmdTYZc4gXZ09AJQrjsOQmonnTy87hBqZ7hHVQ6iJQac2QSWvnmBpU8WGCHEtvT60ecCUrFYycH2aJ8XQALryyWup9lNLDy95he26RN8Bld9rC2++Dxf7pPPlpoLCdlhkGSHGAH7xHkVXS7nZ3NBJ5838eRJxb/xh6cw9ySMUYejARFVj9/TDiCDZPITLtQxhJknDzETauC20JbxOOwtPS3JU8u+8Y3hcaP36+eIbwyPn0xh0tfA7fap942nHW6U8WLO4UWHG5/83j86/RBz00MV/OIYyXTDwiGElIBKZxNhhzjVB/X2in+npt1KKqNFqk7ObyFkEF18jSUlWzRNemUBC5go8I+YpfUUpb9VmRZbNB/fCOaejOT/NqY1mvlgak3JLdo+1r68stP+TOYJAKlqYyxnvS28vuoxgoJ9rk/XxtSMbp1Mjo1K0aVJlk
<pre blockindex=26><code class="hljs language-js">&lt;boundary&gt;
    <span class=xml><span class=hljs-tag>&lt;<span class=hljs-name>level</span>&gt;</span>1<span class=hljs-tag>&lt;/<span class=hljs-name>level</span>&gt;</span></span>
    <span class=xml><span class=hljs-tag>&lt;<span class=hljs-name>clause</span>&gt;</span>1,2<span class=hljs-tag>&lt;/<span class=hljs-name>clause</span>&gt;</span></span>
    <span class=xml><span class=hljs-tag>&lt;<span class=hljs-name>where</span>&gt;</span>1<span class=hljs-tag>&lt;/<span class=hljs-name>where</span>&gt;</span></span>
    <span class=xml><span class=hljs-tag>&lt;<span class=hljs-name>ptype</span>&gt;</span>1<span class=hljs-tag>&lt;/<span class=hljs-name>ptype</span>&gt;</span></span>
    <span class=xml><span class=hljs-tag>&lt;<span class=hljs-name>prefix</span>&gt;</span>pay`+/*_*/where+false<span class=hljs-tag>&lt;/<span class=hljs-name>prefix</span>&gt;</span></span>
    <span class=xml><span class=hljs-tag>&lt;<span class=hljs-name>suffix</span>&gt;</span>#<span class=hljs-tag>&lt;/<span class=hljs-name>suffix</span>&gt;</span></span>
&lt;/boundary&gt;
</code></pre>
<p blockindex=27>观察union模板的"Generic UNION query" where、clause标签是否能匹配</p>
<p blockindex=28><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA/0AAALbCAYAAACoveD/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdW0xc573///caDhcOO91bxZPgg0gVt3blfz0DSZSCpTBIxY4hMlWTu0bCvghgbmz56i+cy3rUKwvfYCAXNlJ7l139sWoSIJLHlWxSJYZZ/tWS3TpqUWyTrLj67Z1SLjjM/C/mfJ6BwfDA5yUhxWueWes7M4sJ3+f7HKxDP301jIiIiIiIiIhsO67NDuB5qa+v3+wQCjIhRhERERERETGHpUq/iIiIiIiIyPZUmfMRq4HOnjepy/Pk+c+HGQsm9Rl4f0nvz19O/HvhIX/8fYDH4c3vV6ivr2dubm6zw8jLhBilBJYb/1ITHcxxttomsAV+D0REREREZGfJnfSHZxkbms36kKezl6a6b/iHnTi2z/c+7xyqSXQEWPvx/bqDd3p+wPTwGPYmJzwmJNMmxCgiIiIiIiLmKH1O//5WflYHCw/uJhJ5q4HXDtWw8OBGovIf/prArYcs8DI/a9lXxpDXxoT58ibEmFf3KMHZCfwt1mZHYpTua7MEr/VsdhgiIiIiIrIN5a705+BpPEgNCzz46nHSwXrq0o8B/PAH1ADsO8A+6/GmDvM3oYpuQoy5+C5OMNDuBnuI/ltJn3PYy9RKPU9d1+miGTtUG3/IcU3TVuGknmj1aEobeMZg9R2G0++d6HndGZHcx1P1KBLTahuXQ3Cj8jP6rcTze5Y76cty3sjx7OfKf+3FlGtErrsr6Qn1XF5K7tBJvfbInXv0neklONvMYOMpRjQNQEREREREyqS0Sr/VwCt1wPx9Al8nEhNP/cvAAv83Keff53uf3v/nf5l+sAA1P+CH5Yl3zUyoopsQYwarFf/ELAPtbpzx83hPDWdt5g2dxA7BYPV1PFVjnHUt4g41MbqaGBXgW23DDtUSdEXaeKrGGKSWvqVf4A8njR5YPYq9Ug+u6Xg7T/V9gmt+DW788Y6A60nnO4y97MVnFbr239m74om3C1RMRY9PcwOAOc5WJ16Tp+p2aifGSBfexiFsjtA386lGSoiIiIiISNmUlPTvazkcqejP5E+v9vne5519T/jj7wP8E4Aa/muTR/ibUEU3IcYUVg+jM5dodzuMn2vk2IWbeRrPcTapuh1wfYcD7GF39FwHOB3aheOapqsikRAPV98nyC7eCCXajYZqgfuZowTWauXHdLDIjcqkyn/4EV2uZ8BujoUSTX3sAhb5wvVd4mD4EV1VwfUt1BcepqvxPOOOm/aBGSYvtq79XCIiIiIiIlHFJ/3RefvpVf50yQn/Vli1P8aEKroJMcZ1jxKc6cXDPQYb304d0p+F43qamhRbQdqqxhKJ+8pLeNOTaQC+5wngDu2JVNJDNewBgq6vyvZSekK1wHdMpv82uP6Nk9zhAARYBHbRsZI2+qAcwjfpP97AuXEHd/slzfMXEREREZF1K3pOfzFV/v9q+TVNWRP+1KH/m8GEKroJMQKRIf3vHinrKSMV9F10rJykI1/D0Au4gaflurDlJtLVkj7vPiFlPEHFbTyuyJz+RKyLGesGlIXnV/hbRgp2qIiIiIiIiORSXNIfq/IvPORRluT9n/+7AHUvc2jfw9SE39rPgX01sPAkOsx/89TX12/5pNqEGIF4Rbrf6mF0ppe+mU955Vzhan8+kQp65qJ7qddd8+lzCztE3vE5zlbbxQ3Rt4K0VUU7v8KJDoC9ruspUxPWovvaLH0ecMbPF5guISIiIiIiUlhRw/sjVX6Y/0v2IfuPv3rCArDw+FHq4/sOsK8my/FNYEIybUKMKco5Dz3LUPrc7ZLWAojyrfwIbzHXsQ7QnHbooWuR9Ln7RbOCtFXOZY2ptPP0MDo7S5+nmPURREREREREilM46U+q8t+1c7T5+iaBBwvUHGrBtz86z9naj6/lIDULDwnc2uSx/ZgxX96EGDOUax66FeRjyFjRP3e7H9MTXS0/c4u8iMhigWmLAC4dzugcCFT+nSC76Fhpjp8zl57lzoz4fKHduLOtRxB2mHQtAvWcXslz0hY/kyWsjyAiIiIiIlIs69BPX82bYezzvc87h2qY/3yYsWD+ZCTWNm7+zwyNzZYlUDFA9yjBMy8znjzUPzr8Hdd0cavtrx7FDtVmHA4mD5233PiXmpLm/s9xtnqB00uH8XIfT9WjnOcLuq5zlV9wObTIYNJuAhBJ6PsyrvwstV3GtbO0SZPZKZHavvvaLH0M5dzuUEREREREZK0KJv3bhQnz5U2IccuKV/HTkn4REREREZEdrPgt+wxnQjJtQowiIiIiIiJijh2T9JswX96EGEVERERERMQcOybpN6GKbkKMIiIiIiIiYg7N6d9CTIhRREREREREzLFjkn4RERERERGRnWbHDO83Yb68CTGKiIiIiIiIOVTpFxEREREREdmmVOnfQkyIEcyJU0REREREZKfbMUm/CQvkmRAjmBOnESw3/uVO7KSfqVX3pobUs9yJvXyUHsvK37B7lODsLKPdBdqJiIiIiMimqcz5iNVAZ8+b1OV58vznw4wFU2cH7PO9zzuHaoBvmB4eww5vjdkDJqyMb0KMYE6cRgg79FeN0Q8Q9jK1Ys4oiu7mI+B8wtWPNjsSERERERHJJXfSH55lbGg260Oezl6a6r7hH3bSQe8v6f35yyw8+DMPFt7kUE2ZI10nE5JUE2IEc+KUDdTi5z0P2FcuENgiHXsiIiIiIpKp9OH9+1v5WR0sPLibqOLvb+X9n8P08DC/u/WszCGWhwnz0E2IEcyJM6sWP5Makr5uvmOv4eYet9Or/FYPo3p/RURERES2jNyV/hw8jQepYYEHXz1OHPz6Jr8biv73Fv1b34TqtAkxgjlxZugeJXgmMiTdn5ysrh7FDu3iRuVnzK2cpC/+wDMGq+8wnF7JXj2KHapNORR0XaerItouOkzfzX08VY9Sn5vvsWLEn5/j2nnaOa5p2iqcjFP2LHcmveYiWD2cbnfjjP+WkfT3JjzMbbuXvjMzBJuH8J4aLuXMIiIiIiJSZqVV+q0GXqkD5u8T+NqsIb0mVKdNiBHMiTNZ97XZSMJvD+E93p9lSPouOlZO0sd9PFVjeKqnuUEtfUvNqQvarR7FDn0baRP9GQS8oZOMrkbbuZ7yBQAvZSyG5wvtxs0iNyq/Kvk1+FbbsFfqeeq6Hr/2Wdci3tDJ1MX/wl6mVuBidWo7d6gptZ11gNHlzsRrTno9eX3QjAeHLycDWR8eOdWA98o98PQSnPDjK7QgoIiIiIiIbJiSkv59LYepY4EHM8GNimfDmFCdNiFGMCdOAKxW/BOz9HnAvtJYoPKcVH0PO/RXzuFQS/NKUpOK2xkV+uHq+wSBPexOPNf1DNKfa7k5FtoF/J1+q8ROM+sAp0O7cFzTKVX9QMUUg4A79ONEB4MVpK0qmNKxEai0uQG4Qy/Gj/UsHcbLMwarS+iAsFrxv3sE7D/QfyvPaxjpwnvuExz3CQZmPsXfosRfRERERGQzFJ/0Ww28dqjGyCo/mFGdNiFGMCdOWvxMzlyi3e0wfq6RrpH8923QlZb8uhZ4SlIyX0ByQk3ltwQBb+jVxLGVH9OR7TrFWHkJL4t84fou46Fh1zNgF/WhYk5UE6m8W24in+K3mdMX8vngFO1usO+MFG57q59jjecZd9y0D8xonr+IiIiIyCYoek6/yVV+MKM6bUKMYE6c3adPUI4d792hFyFpLnxRc+DDj7jq+hGXQz/CH/6KfitMT6gWmONqJVBiv5mPXQVa7GJvCKiItl9t43Io33NeZG9pIQDr26bP8+5FfB9ptX8RERERkeepuEp/rMq/8IRHjws334pMqE6bECOYE+fIqQa866k0h2rYAziu7yP/ttz4lzvpY5EblYn58p7o8P50Add3OOzijdBusA7QDDiup2tKegMs5nws0iGwyJPob3PPcieXQ7sIupJjnOZGyVdNE92mz/lyqrjXYPUwmjTSIvtaCiIiIiIispGKSvojVX6Y/0uAx4b+0W5Cddq
<p blockindex=29>没啥问题，发包测试</p>
<h5 blockindex=30>测试问题</h5>
<p blockindex=31>再测试已经能识别到自定义的payload了，但探测的深度很有限,order by的注入得取两个值，一大一小来确定字段，从发包payload来看只发了order by 1</p>
<p blockindex=32><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABRUAAAJlCAYAAABE/RU8AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9f3wU13nv/zmSQBK/jBOIiRetasm2lsROoG18u1ciBVSae7WJY27dLQhhEre9SHJwEsPeXLhfAbZy4VVvcH7YBtH2xgGEoLpp7eCubhOKwJbUzStpAkmcsnKQsFYeYgdaDBFG4ofm+8fM7Mzszu7MmZ1ZrdDzfr3EC63OnH3mOWeec84zz3kO+5fTb4lI4o9rHkj8n/ma0d4WhAcCOhsbsCeWUlzHnZ//GcoWAUAPhr+yEZfE1PKMPYgFoXbMn5e5XKL8ws24/8l1KAaAMzvw85dezlwmmYsH8avwblzTfIeVOnlkYGwVyv9qB+YkvjOOseRKLryG+Hf0cgDWdKbgaz6EtqAHEDrR2LAXsQxlrWLWxqz0Kbx/TwNuMYOLx3pQInwJRdekaxh7ADcqD2BUbojCsbjBRUMoHvgSCku+rKu3cAy4pW1AMY6i86tQ8p5c99xv4reepYk/68qLcZScW5VWjlS52zFz4OtgSfpzUr8ssAvtIT88AAAB0WgcXr/6u6Jrxnxoam9D0AMgGsayLZHE9SdCfql0ZyPW7onp62cB7DwRgh/66wz/npAB8Ps98q/qPfKU5ZMhzb1pP9fKEWhGeygo6ygJIYrO1q2mNigTWp1CECDAA0+KbHpdCIIAj0eRSP+MWG1jXhncQH3Ok+83XVto5JRERUINyXpI6T9atH09VbepxNHRsBVdVU2qvClV6vuC7t5SZJVkiIYbsCXC33cSNgFRhBu3IpJF/3OCwK6TkJolivDyrYiks2EAouHlpvecrl8kY7XelL4gCEhp5XgfWrfat688z5CZjUroU+hEY0M3Vmjs1fKtSFyr2GAe+2D5fgyeH10f1tlqzfOaUlBC2z48NorX9unsA6B/Vm3YMx496K8zHmdMv8ORMct5PbhJRlutva+044Xmerl8P4+tTuq/lscAExl4bInd8cLK95rN2+yS8twnY9QWFnRmtT8k3xuQfk6Qbfuk1YGL7ZadHFo7aTwum9koXruuHY8hRBGFH35t8SQb5cYYkA3a79GNV7z216K8vPpV0OnZ5P55ylpB/7wJssgamTX64eoPPOO8yXhphFU96OdeztgIq/DONbh0ZtE+3I7PfJGlUhyMXujBFQDAWxhNV+gTn8IcxDF2ERg7mdmJJjGAK2d6JIfehbOGJcS3v4Y3v/J9zA1swB0fKZfLDuHKL/fh1z/6hWGdY2d6MAZg7JevWLgzMxnOYuyMcu9puDBg+LElnU0og5g20gO9T3EI06/8AAXvvZFSumCkB0XXM9U3JNeVWq9yXdGVv0Hh5V/qnH7ie1/E7LFHcGP+ctyYXg5Aciyyke+g+PL3wK5pyopvYNrAYyi84y8xOq9c873lEAEgo3zOIEa2oGEggKb1Naj2euH1egFBQDTeh979e3XOiaG+KKJlAIYHdNeHy3ehpgxAWSV8rD/J6A5gOBqV/jts3LcSyAt7SQQBiHegdWuXsRHnKWtBBqN7038+BECeNNRLhliIhtG6fwBAJSory1ETCsLv8SPY0oTuLAYfMbIFjWjG+vpqeKWbhRCNo69Xo3cxgq3LB1DXtB711XIpQUC8rwP79+r1wNPGPDK4wxD6olGUAaZtoci5XHNvACAIccT7elP1YKAzAIDHAw88qF5RhT2xGHT9JS3DGEiWV/O33t5uRCLJC7XUsnH5fcZw7350dyU/O9Zgvma0VAOCEEVHQ+pCYSIYGI5C0qCipySG+hCNSpowMwvyBYhHo4gDGO7tylDMar0W2ljTz+zA9wxltlEJfcoyJdsr5VpFZB77YJ0knXm98EKaYybXK4ox7G1oxJD2WROi6OsbBsrKpGegvA4+Jl3DY6N4bZ9kH+qRECMeR+I1orXOZ1sPyaQbZzJ+R5ZjFuCWHtzD2FYb2XXj8UIUI9gfrgFqpN8rq4B+Llut0WNaDMYAExliXL47u+OFtu+ksWEDwxAEf/LaMGuU5767bj1a6jXtBukZUTscn86s94d0cwL52ezuQixhSyzoyRYuthsHYmwPGpZ3c48BmWwUr13v39uKMJSyXngRRbSzF8OoQZmBjXJjDMgGUYxga7gGJ0J++EPtaB5QHRdc9teivLz6Vejv7kO0Wp5nxPvQ3Z/+nvq7+yAEZWeSkLmsFaTnrRk7W5R5jrwm83hSXuBw9QeuNuZYZyqyWNCDr/mQ/HJcQGdrbh2KEnxzDa65kUX7cDs+88x6pCIgyAsPAMBw6oBDOA9jPjTtXK8Ool7ZM+3S27+p1sa50O9EoX37YPbGnKesW2SKmNVFixm8BSbyE5/PBwCI8a34CIIgCGLSIUWftKBajrakuQpBpCffdoJkg3YtbWWXiK3vsBE5mGvM9KBGYNrfQUTkJxYiFY3eQBITRjyKaByuv/2bsriiX8IS/d3oE4IIejwItp1AtRBFPA54vcpbfwHRME3SJxPkTCQIgiCmDFUrUA0AfftprkIQJsT2rEVjt/LyeXI+L/rtvgAQRaZNH7crVvUgRragccAHoH/StjlhjGmkIkEQkxNtFOZw737sMdiGZKes2zCfD3WVlUmfDhhuoyIIgiAIgiAIgsg1zBdAnWbJMtDl3g4/3e664f3YMgG7ytKRSz0Q+Qk5FQmCIAiCIAiCIAiCIAiC4MJ0+zPz6ZOEJsjy9EbCGowFsLO93lX9T+U2zoV+CYIgCIIgCIIg8gVfIIBK2gk0ZWDMh7q6StDuL8INLJ3+7PV44IGAaGcHehOp5gbI4ZITBrC/owNKRHF5TT2CfoePlcNUbuPc6JcgCIIgCIIgCGKiCew6KZ/AGwW6KF/5lKBuBepD0iEqNXDnMBli6mLJqagw3N1lejITe+gFPPjoUgA9GP7KRlwyMFKlD70A77KlKJ6nfjZ2Zgfi33kF17IwamzhKixY+TjmL1LjzsYu9uA3HRtx6W1RU6YWxRlreguXj+1OXMND6UObcdeydZijuTdc7MGwRoYUuTPoTBRjiEViUN4n+MrrEfRzi2UZozZmpU/hmueT0H86BDZyAsWXvwd2Tf0LYw/gRtlXcWN6hi+5/h2Uxl9JU69x3bqy8vWp3zeE4oEvoUDWH2MP4FbZVzE23YtbxQDEOApHXkfJ8NfBNEe651K/Rkg5MlpQ7QUQ78Bai6d55UNujXyQgZBQkySnnp4NJEUka/qZvv/pI3SZL4CdLfXySwcAggAhTRSvlbK6yGCTvm4cQR1HvK8X+7u7dAme00ZbpylvlUwnkjuBL9CM9fVB6N5jCFGEW7M7BVFpU+0LEiEaRuvW3Oa4mQz2Qdsn432teSmjFXieLbPrefTAM37loj9kqwe3UezkfdOL4Xv5VZT++Ce4NXoV371wAf9rdAQiLNizvV0aG81hJ7VtlQ5ZZzwy8N2/dVvtaz6Elmrpr32tevvra96FFvlG+joasMflxTFjPtTtbEG915M4OE6IJo+X/DqzNG5aGbvl06a7UGe8+wZAvK8jq7FwMrYbYH+OfTvDArtkh6KAzkbJoUh6uv0RI3vQgDKcCPnhD7WjecDavNZsfcHD7TLnIlIpcLIytnAz7n90acYypZ9+Ffc9KjsUL8Zx5WIcAFC8aAfuCz2POxmz991sFcqf3CE5FC/GceVMD8YAFM9birInj+LDC5V6K1E8v9z4Z9FSzFm0FHMW/SFK7Mjw0Au471HFoRjHlTNxjAFAigyaayzoLB8Qp3txq1j6Aby4VbwUNz+4DVcrfoJrC5JycOrK8tQLfd33fAPjmv6QKJtcifK5xpHJ2AO4UXkA78+WHYpjcYB5cWt2A64u0tebF3g98CiTSstUoszvh9/vh78s+WCTXJEPMliH+Xzw+Xzw+Sau/d2XIY6hfuO/eD1p+pnS/zSPrORQC8EvlxcEAB4PPP4g2tqb4NM8QxnLntiJgPZ5SydDJnk9HgAeeDx++IMhtLWdwKFmX4aySCqfJINFxNgetIajEOBBsK0duwLOtRk
把流量挂到burp看看，代理后，再次发包</p>
<p blockindex=33><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABRgAAAF1CAYAAACDPYaKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9f3BU15n3+T2ALZGxscmATdyoNZZsq3FMBvaduKpXkgPoJa5SJ455y2+XEcIkrn0LSQ7ZKUPPlLSvAFspUUlHft/1DxC7VbZlhOztTa09eFpVGVYCW9L0VDIJxCah5SCBWlxsB+3I5vXEKDbc/eP+7r7d957b93a30POpakp0nz793HOe+5xznvuc57CxU+dFpPFw/dr0twiCIAiCIAiCIAiCIAiCIDJYwiwKsEAbujtr4U//IDWGro5DSIoZ/knCRRgLobu/ydP2X8h9XIj2JQiCIAiCIAiCKBUCoRCqMYF4PFlsUYgCwFgAjY3VAPU54TFL7BTy+3zwQUAiNoDRKeXdCXK+FIQJ9A0MoFr+X2VdE8JBn+u/snD7uDDtSxAEQRAEQRAEUWxCB04iEgSABDDYgfgNv94j0LgJTZEwfADqsBHtcepzwhuWwCqEUcf08CDiydzKyB58EWsfqwcwgum/34VZE4O19MEX4d9Qj7IV2ntzZ/cj9epb+NyhgWNsLW4P7cRtK80/nzu+Cx9eFMFWb8GqzQ0oy1nbBXx6vAezF/llWfrgHty5YTuW6a4NMyOYHthlWd/yH/wWFWsAnN2P9155EwAgikkk40kozxkClU0IB7nFso1ZH7OlT+Nz30MwvjsF9tkJlH36D2Cfa58w9gC+qPgxvrg5x4/8+VUsTb2VpV7zug1l5e9n/t4Uyib+FotkHWLsAVyr+DHmbvbjWhkAMYXFn72L8un/BiaXKXT7msFYAK3dnaj1A0gNYFt7nON7O1ABANN9aD9Y+KdRpSADIRFoO4resA+AgFhLMw6m38f6SGWdnhn1zxi5ywIhdHc2yQ8gAAgChCzRvXbKGiKGLXTdPLI6hdTYKPqGB5HUXV/WKOws5e3CAm3o7w3Dl6VN8yUQasOOpjAMzzSEBKJdHZZjbS6UPtU/LBESUXR1DBb0odF8sA96nUyNdZWkjHbgubesvs/TDjzjVyH0Id928BpbdtLKnh0atCibxU7q+yobcpvxyMB3/fZtdaDtKDprpU/Huoz2N9B2AJ3yhYwNNOOgxwtlxgJo7O5Ek98Hn9RxEBLO+02tl1cfso3dSGGguQODaDTflQMgNTaQ11g4H/sNcD7HvpFhoQOyc1FArEVyLlI73fiI8YNoRgVORIIIRvrRNmFvXmu1vuDhRplzEblZ5GZlbPUe3PdYfc4yS7/zNu59THYuzqRwZSYFAChbsx/3Rl7Acsbh8TRwD257qB7L1tRj2ZpKlK1Me92llKvO/Ex5rVG+/y2UO5CAPfgi7n1McS6mcOVsCnMAsKIeFT86hq+tzn5t7MEXJediiSLe7Me1MukF+HGtrB5f/uVe/HvVr/H5qgeMhQ1leeqFse67/zuu6/RBLZteifK+zqnJ2AP4ovo1/OlW2bk4lwKYH9dubca/rzHWWxL4ffApE0zbVKMiGEQwGESwotq6uCeUggz2YYEAAoEAAoHi9b/3MqQwNW7+id+XRc8U/dPdspJzLYKgXF4QAPh88AXD6O1vRUB3D+Use6IbIf39lk2GXPL6fAB88PmCCIYj6O09gaNtgRxlkVY+TQabiMmD6IomIMCHcG8/DoTc6zMWOoDeiOJcFJBICBAAwBdEpLcfbQ71g7EQuk/0qs5FQRAgVRtBb3dj/nJz6e88sQ+y3liPWCUOx72V6/vc7WB7/CqQPuTbDh7BYycz7JlPZ89OGO0Dj51U+8pn3To8MvBg11aPHxpASi4X3qHZLsZC2BEOyn08huFBR2LYhrEAWvt7EQnKzkWp4/LuN0f6kC6c2p+690zb1ye3r/NxbL71W5rwJWkTigFjIXRL3kUkomnOImqnGx4x3o5oAgB8CHca5/LWZF9fcHGjzLmIrLjmYFz64B7c96PtOSMD2eo98D8kq9PZ/Xjvp9/FhZ9+F394V3IyYkU97gg9kL2CXHyzAcsAAClcfv4RjP/0u4bXhV/KEWsXf4YLaZ+N//S7+CDagSszcl1nX8aHnNGLjG1BpeJcnTmCP/z9I7jwynfxwc9H5BJ+LFtnfm12HLMlw/94FkvP/U+4dfJZLJGb6Npfvoart5sYqLl+lE9swdJzjxpfcvRhZr2PSnULcpuxevyp4nuOxLx+549xVVbGJcJ/wC3nHjXUO3fn1x3VW1pMoC8aRTQaRbRvYgHLYA/GAmjt7EVvby96uQfV0pdhfCrlWl2SnGF5kplAtGUjtm3bgJaY5KyCL4zO1hqTsgJi6WURRJNc1jGJKLZt24CNLVEkoIjQa75QSkSxbds2qXxUKR1ExKFzLRlvR3NLDAJ8CEZO4EAoYP0lC/QTfAgxtGxsRnv7NjSr8vpQu8lZm9W0NkEJwk5EN2Lbtm1aOwQjeTlJ+fV3/tgHohAsXH1wbCcVe7ZhA1p09sF0YchjJ4UYupqbZVupe5lFLfHIwIOFrRbFOPqU9gk2qc45g40b8D5Xdk1rJ8I+ReSN2KC3qQ77rSDjptrHG7CxJQb5UROCTQuj3whz1H5IRGmL7AJlsEMeI3xh7LAxNXZzfUEsDFxxMLLVe+B/LLdzEQDK131LLpPC5eOak+lq/GVckf8uu/9hLHUw8JXfUSn/NYWrQs6i5t8PdWPlikzZbOMDcDaFuZkULg/0aFu9fzWkXdvKezK+xtharGqybrtSQ/z8LSy9NKL+/8tlzhyBpnx6QnVe4uYqiJz6wNgDuHaL7MgWR3Dzp5n1Xrvl29z1lhrS9u444vE44snihJiXggxEGsI08l+6V6NCeYQtTGNCfmI5PjwGxbz6lAikmk2oVcuOYVgpe2hAW+TWbnLFmSom4+hQFzRAsM5iZjQ4qsoAf6VjGcTkQdnJCAQjvZlRQbzUAEgIEAQBsS7dQksnr89BhJcUISJ3hhBDnxIhoqvXss1chOwDoWdB64MLdnJ8sA8xzQAjm4XgtpMc2JWBmyy2WmsfKRqOsQA21ZrYOI8w/B4SGDWxqY76rYDjJiCNYQNaxXD4/CqTEu03whz9HCExSp2wUNE/BOAaH1xZXxALAVuHvFgzgStnR4Dju3B18+msW33LVyrBsPxOwKWr10p/CGdM8zSqdc8A5d98FMsBAOcw+8v3LetmbAvuVCMrs0cv5pJBvPgmLsh5Ew34qlXn4dzlc5lyq47NecinJ7Dkrnp8yQDcshHX2T9gcbFlAgDcgy+V7dKfnVBzMgLnsOSzFMSbAfy5cNIwFkCNfjI3Pm77yW0gEMj5HRYIoMbO52kkTRZ3PGUdySB/rl5TjrqNbTaOZFJEIBBCdTUwMcGXQ0iry7gUqlZ/YDxrfXZkzZQXGW2Rjwx2EePtaJkISHXlHRkwgWkB0vZdeUGUhLRI2bbhoLFodQW0ddKw7rcz63BjZwUGR5GIBKUn8ME6hNggCjFNlpyMU+jujSAY7sVRtGCbw9wxYjKOdrNIoZpKdcuIMO1gGqf/vq4vRDGO0UQEwSDURSCPjuSjv7nsg1bvOMZRI9sf5X7Pbfvs3pt8VCMQqpavcgITg9nvJR67zjsG2LY7gRAa5S6ZcHXWb78dePFkvPCsHVxkgdhJt5EWwk0Ihn1AsAn93VC3AxcmCk73sC0xqjsIYwLTCQF+PwAnwT2F1gcAE2rF3lOIfvNiDLBjq7PZMG0OnTkeejUGcKPOEXTO8hzYlcOtubK+rvR69PMFNd8nR1knGNZF4+MYr6nJ6Hsn+qCX3Uz+jDrkurNdl5N2GB8egxAOwyePD7kO+XF3faGHb67Bc1+4qZPz7Z4vBXmXgOeUlyyIF9/Eh7JzbXmOclcvp4A1fgCVKPcBuCh/oHPC4fJEhvOOrd4Dv7L9WncAivo524LbFKfminqs1G03rngshSvvduDCP2Z3NJaHntS2V2eJXrSSIWvduqjNK6fPZNYpOzbn3t2PK/fvn2fOxnNY8mfgyxzhl2J55lZk9vkZk5KAuPQBAPfgS99eyWkJYMmMdiCLbc
<pre blockindex=34><code class="hljs language-js">pay<span class=hljs-string>`+/*_*/where+false order by 1#
pay`</span>+<span class=hljs-comment>/*_*/</span>where+<span class=hljs-literal>false</span> order by <span class=hljs-number>4839</span>#
</code></pre>
<p blockindex=35>这里命中了，但没识别出order by的注入</p>
<h6 blockindex=36>编码问题</h6>
<p blockindex=37>在这折腾了好久，觉得是sqlmap的版本原因，下载了最新的版本，再次发包，再测试发现order by 4839#这部分包又不测试了，觉得是代理的问题，于是换了socks发现也一样，后续发现报文出问题了<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABe0AAAKyCAYAAABIXfXGAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzde5Rb5X3v/88Eg48vXGw8lmyDSZAah9Qam9hOUzikdI1GIjkHMiGrPcZjCj1JE8/0rHU8DMX2H20Ja/1qm8MwXuusNU4p/Bpij+G3eskU2hTNaFabC6TUdrAlN4REgoKxRxo7Y3zDNrbx74+9pdFl6zpbo8u8X2uxEktbj579aI/07O/+7u/T9KUv//crssmZjz62qyldPH3clnbOf+JaW9qRpI/nLrKtrU/NOWtbW8c/mmlbWx9qtm1t3TTDns9wtGmJLe1I0qwPfmFbW3PnzLKtrZictrXVFA/Z1tbHsxbY0s4nztlzLEjSlRn2HaP6+KJtTV1q9tjWlp1mHAvb0s6i5htsacfwCdtaOiz7vh+aLpws63UzPoja1oecHF51d7fKGd6jTQN5PlPPOm3v8CgW3KG+YLzy/Zoqdbn/DrV1b5RXI+rrCypmS5O1Mw4tHVvV4QlrYPMe2ferUwOKHeNKqObnVu/HVk397QMAACCvSs/dGmRuOKPaHQAAAAXEg+rbHKx2L6qnlvffs07bvWMZgXkzYO+IK2hXwF6qnXFweNXqkcIDDRawl2pnjCsh3+dWK/vdyMcWAAAAUAKC9gAAAOUK79EmrdP2bVuzH++b4kztCnN6N6rb65AkhQe2aHdj7V7DqofPrR76CAAAAEylJsrjFI/yOKWhPE7xKI9TPMrjlIbyOMWr6fI4AAAAAABg2rAvcgIAAAAAAAAAACaF8jgAAEzCR0t/t9pdAAAAAAAADYRMewAAAAAAAAAAagRBewAAAAAAAAAAagRBewAAAAAAAAAAasSM65d90bbGzozG7Wvr2tq7ntB8w2zb2pp9wxzb2pp7Yty2tq661GRbW7HLTlvaabr0kS3tSNLsT9tXe/ri5cu2teWcYd/yEodn3mhbWyjB5Yv2tXXV1bY1dfGm/2pLOydmX2NLO5J0+eMrtrV15bx9435l5vW2tQUAAAAAAFCu2ouMAwAAAAAAAAAwTRG0BwAAAAAAAACgRhC0BwAAAABMyhduW6LND9ypz39mcbW7AgAAUPfsK6QNAACm2Fzds/YO+efH9Xz/QR2o9Nu5VqjP79Do3tf05N4zRW9/MDCk70aNhxatuUOPrZlbfBt5TXL/LfpXafbuf8IUHwfT0iTGuOJ/B5XEsYXi3HZLs37/7s+qqalJv7vyk/r3XxytdpfQQBLfmWmiB9UdsF5TL2t7m7ZF4zKOg7PZv3Xmb3h+OX4jM1+bemxNpt1GNN+lx9a6pDzzIuMzkgIvvqZXxqWJOUqBtsejevLFqEZT3meRVNwcLPk5nUl53/Tnan8u1xgS39VTed5WCwjaAwBQr+Y71DJfGt0bnR4T+kzTff8TGIeyrfT79JCriJPi6TrG03W/UZKF8+boQe9yNTU1SZJ++vP3q9wjNBTXCjNQNzQRMJvv0mNrV6hvbUowzmR8r5+Z2N6mbdGY0i/anM3eIHpQ3f05XpwMNGf/RmYdW+Z7PeyKGwHHMttFqjN65cUhvZL8d/GJBqPjZ7TI5dCivWfy/p2vdBe6sAJUFuVxAACoUyvXuLRIZxSK1k92x+je19TdP2RLRsp03/+EehyH2jBXznnFbWn3GFfiOKgEji0UMmvm1fr6PSs1a+bVkqT9vxzVj0LvVblXaCgnonqyPyPDdTyqXXvPSPNd8rtSHnet0EMu6WAgZfvxqJ4MxCe3LRrPfJce6/LpQYXU3f+aAuOFX5LJ+I2Mayjjt3zRmjvMhID043Z072tFZQjnahc2OnFWo4X+zue75HOd0UHmQKgigvYAANQlh1a6JEWj6Sey08Z03/8ExqHypusYT9f9RrGampr0YJtHC+fNkSS9Gz+p/+9f/qPKvULDGbfOhB2NxjUqaeH8idI2RlZsXAcyA6PRmA5KWpGSNVvKtmhA41E9OZmL58mLPpkZ3Q7518wt/w61nO3CVuNRDUWlFWuMUjlWVq5xaVE0WtYFHcAulMcBAKAOLVrj0gpJByMpdVdTayuOuzJqZWbfKjpx625GBlsRdSWza3EWWXczTx350mrQTn7/rZQ7JsbrUh4Yj+rJvXP1WOa+5qlvfjAwpAPu9HYK1W20bRwsaqtmvnfOsZEkOfRw1wqtMOuGqoh9yhyzfPuaua1V/dBSxjH9WHPooS6fHsrZrsUYS0WNWU5Wfwc18LmlBsZq9diyvI3dhr99lO6+Oz6t25YukCSdPHtBf/3KAV28/HGVe4VpY95coy518gHz7qnxM8qeOZxVbFxaMW+uFimu0ZK2BTLN1T1rHNJ4VIGsuaxLK3RGgbKys3O3C/sdiMT1kN+hFfOjGs2ce8x3yeeSDpp33qACJjF3K+ocokHmhgTtAQCoO3O1wjU356R+0Zo71Dce1ZP9B82TTSPo9VDXHXJaBsVKY3/7iRqU6bU/5VoxUfszY/tq7n/uvk+0vdLv02P+0lpa4fdJgSF1B1La9d+he3L22aZxmO/SY+6YuvsPJl+70u/TQxnvfSAS10Muh/xrHHol82KKy2kEePcaQdVE1lL6PpnBV79PfTJLxATOFNjXlIBtvxmwda1Qn/8O9c23vqhTzDiO7n1N3XuLqX2aY4yLHLNyVPNzK7jfNdXHSfQLBc2eebVWuB365eFf69enzqU9t2bZYknS3StukSRdvPyx/vqVAzp59sKU9xPTV6LW9Nh4Ijg6R875kqJWmflnFDshyTVXDkmjJW0LZHC55J8vHQxk/y455s+VFFds3Jy/JJ/JdWG6uHZRAdGoAuN3WM49FrkcRomiqKRCC91iUkqdu63w+7Qw6xzCp4dzJM7U+9yQ8jgAANQbc1KfuDU8S1ZGalzffTGqUc2Vf40Nt3vb3P6iNS3mSUrGxCl60Dprudr7X0TfDwSG9HypWVJp+3tGrwwV6LNd45Co4ZviwF6L7RK3CLucWpm2dZ7MsLR9iiuQyGJP1CPO2NcW19y0l6/0r9AKxfV86n5EDxpj63LpHqsTqVLHMZ9cY1zsmJWjFj63eji2JtMvFPR7d39Wv/87n9XGr/2WFt848Xd5i+N6/d7dn9Xv3f3Z5GN/868/17vxk9XoJqYpo2a40r8b5s/VwmIbKGVbIE2+36XEWjkOPdTlUuzFIXX3G/89H50r/1qfHs6ZtE2WvWQGWLt8lv+l3Y1rC7NefdZ8cpIljlCaUudu0YMpd8Um5vl5SprV+dyQoD0AAHUmUYc11wJVloG28bhC40reTj4ZedvPCroVkj+j10q1939C/r7Hx0u7NTqr/Mr4GY3l2b5i42CWAsp+PrEYl1nrPLm9Qy05AryZ+zQ6fjZ33yQtmj8n5V+JmuqxrJMmY2ytF5ItdRzzKTTGSTnHrHS18LnVw7Fla7+Q5dz5i5KkubOuUed9q7X4xrm6fs5M/eE9K3X1VZ/Q1VcZp5H/evBd7X3raDW7imlmpT8RvMu4oAtMhUIXtU3ZyRwHjbUSctVQL7LdRje697XkhY7M/8pefyDf+0XjWUkjiRJHIRagnRKlzt1yzvNzzPPqfW5IeRwAAOqJWWPRKpCZMGYZLLbvdu+87Zd6C6kZlLO+Rd1q++rv/4R8t9cnAtQ2ZAVZ1dW1dRwyb+HObXRvVAfXrDCyWaLGpDlxC/HzkzmZMifcaRPnRCaka4X6uspvOqnU+sR5x7j4MStV1T+3Oj62pu5vv/F9/9W3tOD62fqNm+YnA/cnz17Q9XNmJrd5873jeum1X1axl5hWUi/6Wa1xYfU7kksp2wIpiruYb7HAsfnYCpd1DfWikwRgr/GohqIuPbTGpZV7D+qAmWWv6MGaL5vSKKp63loHc0OC9gAA1BEjiHVGgb3WC7TmZp2VbJ9Kt2+o3f2fWvaNw1zdszYRVE2tt5or2Jo46XTpnvlxvTKeuIU4VLlbiPMsSFxJuce41DGzw9R9bo13bDXW3/5UuXjpsv7qB2/oj758ezJwP3fWNZKksRPGHTO7hsO6cuVKNbuJ6SJlQWurBcP
<p blockindex=38>sqlmap报文编码导致自定义的字符失效了，被编码了%2B%2F%2A_%2A%2F</p>
<p blockindex=39>burp做个发包替换，</p>
<pre blockindex=40><code class="hljs language-js">%2B%2F%2A_%2A%2F-&gt;pay<span class=hljs-string>`+/*_*/where
</span></code></pre>
<h6 blockindex=41>识别注入</h6>
<p blockindex=42>识别成功，order by</p>
<p blockindex=43><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB1sAAAHJCAYAAADD1FDmAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9f2wcx5nn/S1KNinHpryQZDtuceiETmYCy4vkvTcGGqR8kg7JHjh5N/adMX+Q9NGvD4sb8hLDb+BJQO5SpwsT8pK5xW5ig5xggU1oU9zswIidrIfrbM6kYpHbRuxg41haDSMzFw7Z+WHR55B0JFEW3e8f/at62DPd1T/mB1kfYASRrKl++qmqp5769RSZ/5f/rYDD4XA4HA6Hw+FwOBwOh8PhcDgcDofD4XA4TDRUWwAOh8PhcDgcDofD4XA4HA6Hw+FwOBwOh8OpR/hiK4fD4XA4HA6Hw+FwOBwOh8PhcDgcDofD4XiAL7ZyOBwOh8PhcDgcDofD4XA4HA6Hw+FwOByOB/ba/fJPjt5r/J/E+jGZSUCAjGyyB2P58le8/tH/+zpaPgYABVz65p/iNyul07Ok9QI5/AQ++tjDaASAC6fw828/VzEZzHzPYvlLn8c7ipkvLdfmyz1YeOENV38DgFj/aWQSAiBnkewZR17xL69TGZN9X8DlD/VgiwDY+DJuLjyv/p4cwXttT+NqIwDlLG668Dj24B7zd5uT+MDiX4GUkJEp36b/z33a/X+NDeGo+pCNL+OW5Tfx/v67oQB4/+DJsrIFqV9TrwAgQ5LmsTy3hJnFaeQpHRMSQ99kBgmhOAcJ6eODyJXSH4ljZDYFEQCkNI4N5Er+Xc4m0T2W3/497T0X0Ok6La0TZxmod6O+X+r3hv61uji+0Fk2fxZKPdOSxlJmJaDfw2UZs8gQFiQ+itmUqL2CWcYAEB89A/VPpg1wKvtt+ZMYop1tONHagZb2CETB1KKUPo6BnFJWhrKy03qzq2eM5cYKa7k5tQtD33IWyZ4ZnKDe7fggLG2xZ+ZEKO/GYh/0fN2UMcBg+xjKbaFzxLbuOOk6DD3ouihXJ0s9w6+dDEsPYcFid8bRZ9aHorawrS7SdYd6X2t/qvah04i6br/F+ZaTgUkPDPLmSvWxFewz6HJT9bCIaGcb2gC0dqWsdTLKUG4+6kP5MqZ8BVlCdmoOS1q+iyX6Y1d6qIFyC6vfpNM59t0l8ippu0LoA3z547oOnWy5k/2l67pLeV33m0U23NKOisqPJS2zjuDct7DUB1adsbQdL3owv+NuXiMomMZkDDor5ROUl2XntflakTesPtv9nELt1LNtz3WwTeYcQPn5Dzf51sL4wpS1/uYf6mF+h3VeQ4elngUpw/iC/VjEqWzc+HKh+AQs4yzKlsjZJHqWes0xhI7TPKLd3z2OGVhkcNTDLvGNXOsjYHvG0rcw+eslxv7O7c3B9tVKfXDZB/T395fLkRMytoutXtn3mX/QFhiBzZcHyy5csqT1jPxDrK8+jEMHARxqwz5CcIVqTBWRwYHNt85V/JnBcTeu36j999oSSEC5Kso5NFwD1FXyVrzfBOxhyWBzCXuUo+rCrJYf+f05Vb7mk1q+4aPkx9CTnEHniV50tUcgigmIIpBAqnwnKcuQBQECRKRGOpELfNJ8EcsyIJa15l7SOlBYcnRuFsanICVSECEgMTSJdghGJ5KdmA5ACPfI2TSGZxbtpDTew3MZVxmhpQ2A7hzE0BrR/1LA0oLNFxzKLhYfxVBKNMpKlguQJEAMpOKw4abc6pXKvJt9m2cpYy/twundgupf3BOg7WPBhZ2sVxztTtSaXlFymMh2QUwIgJBAb+c4nLvDNrToZSYvw65GseBNBpb881gqAGrDiqA1Cl1F1WVxGTJEY9CnKHnkc3nkAcQ7Uig3GnSrM9b64J5lzExPh9qOarbcGAmr7w6jD/CFXp+FFpi1zgYG++tGXqZ+U8lhTkpBFAGIHejsBPRpQmluukzaLvT1FUqmrSWYy9ihPDzpIdoK1dSU8HcrTnlfI2jfaNe0+VqQN0B/zv94s7L1rJaot3eru/mHOpvfqQkCHuvVnE8wPYFsl2hzkMQ7zGOGEGQIi5rwjUIiNPvL0obqbG6l7voATkkCCyNM7nsKH7lfs3oXTm07kek1ratnH34C0a+/jj/++uu46z53TTZoGbzSeNsR6y/uvMtYC6z5hdj9x3FdV/e1X5Y8wVpxrv4Tbrim/f/m43ifqEIScgTv31j6a0FDSAxRAIszg+ju7saxY8eQTEvqH4UEhvpsZhLlLJI9PRjOyurPYhf6Y/6HAaqDokNNRtt0Pixpgyba12U4A7L2ryxLSFdw97mO0ALk83njg7Y2tLW1oa3NLDdPZVwtpucg6f+PtCJG9Hrlb3GCkDh69YkbKYvk8R50dw9gcGJeK0OKxeXtv4Oqx/7TZ3DmzBmcOd1PycaOm3KrV8J6N6c2z1TG8NYuHN+tRN0xJ079U03b55oK6CFQfNqdhfEp4/tiV5+zbejsMPqQoMqNWYadwMIM5vWKJnYgbvhR9ARHma+X0llI/dCOJqR+k9Wu2xI9gXabiaxQ+gA/LCyhAAAQ0dHpPzvAWV4v+p2eyGp/E5HST2TIWdjNRZtpBSQSxjQaPM+jBdG3lKgPOmGUMaseoifatTKZ83WiyQ9sYzJvvpGdfdhVbb5e5S2BN3mrU89qjVoYX7Cw4+YfENL8DlVu1rpOE/KmmlqQQSNwn8AHipLHzLzrXqU0PsYMgcmwS3yjsNhxfUuN1Id66wN2K4EstpL7nsK9D2lhWy+cwsXvPB9IWpp9h+9VP3YNTf4h1lfV/zY/9AN88LCapik+op5qBbD5rz80TrWGIgMLlLyN948Y8hLyIFqPaXLhLNZe9feYMFFu/QIu36nJqhTQdOn7Aeb9DVy+Rf9pCQ1XUbSA+giu79PKYP+fqWGBAeDdWTQoChTlHPa8q06rgBzF5ZbPqv9v+jTeq+Bia+dIBplMBpkhc6JxoZSB1tEGQAvjw1DXWwUkhgKY3KUWbS0O77KNe8KSNkAIieGE3vPIWUwND2N4eBjDPYPIBbDQapxEKYdlgtnUA4n1YyiVQiqVQqrDdKZZy9iVDCGh7nLTfhAS6O1UO2FLGc/PsC9OWJwLfXEuhr4hm1AYlH6FxJC5kYB2OrwskDCWGyvVLLew3604X9s2z1LGYGgXLO9mTJYDQqLXWPzp7HUIucJClWwfE5XQQ4D4tTvqKUmZ+n7pZ8Xi/ZhMmdM5Qe2WZ5GBlVh8FGaUK+8TMrFYTP0ENBi1TlKoUTYAOA4Qze/b64ypPpSwD+jsNXeqV2nBJKhyc0VY/SajXTfQJrwIiZW0O6H0AT6g66OvDRMs8nrRL52/Rkn7aJc2O+G9PZToW4zFyVI41Yewy5hBD4TE0asZj6qeAHbyNZh8Iwb7sFvafL3J6wJPcwrVqme1QA2NL3b7/ENo8zuldEb7Z2H7iLUgg50sGv58An8+OL3p0it+x5BByLAbfCMWArdndde31EZ98OQTcCqO7zDChDyIVn3hEgAOPYpI6lFroks/RuE7f4mreMB1WjrcLzn8BCJl7l5VlDfw26ln0PzYw2hEBIce+xkO0QlWn0Ehd45ZXhYZWLCVd7UAHNSHQAWsP2u957VmuOUk3r3npPnz5lk0yY9j7xUbWRt7cLXtfptMltC4+Lg1NPAtJ3Hl7pPYokP8KgXs/fXj6gIqzuGG1bO4KhwFSARXP/xT7NmEmb5owbfhd3+Bppu1u1yLZa4Q03MSukQRgpBAZrYdklRARDRDN83PlJ6dU5Q8xqckJFKitjtlxvX9KPYISGQm0UKHipKzGB63k4ElbXCo75xFeyoBQUgglUlYE8gSssODvk64Ts9JSImqTjOT7ZAhQKDi6CtKHuM9abTMaqFuMrNol2UIxn1G1gl8L2XsJEOYTA+m0aHdJyCmMjiTov7otYwXZjAvJ1THW0zhzOkuQLB3NxQlj/HhLNozCQi2+pWQHmSfAGMtNy9Uq9wq8W4w8qWKjq4PDGUMuG8XLO+mKDkMpju0ezJEpGZn0YWy0UyD10MNUBk9BItfu2OGH9MWSqbHYfmGmMIZOtNyfYWQwNBku81TCpjqGUSplmQ
<p blockindex=44>后续的流程就很简单了，识别到order by 判断列数，union子查询拼接case条件从句</p>
<p blockindex=45><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB28AAAJaCAYAAAAI1gzUAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9MYwkN5rn+6+e2u7Cop+qZoHdPBlSE12Ddg7I0Q4wPo3NMmadgbBmGwTGmG49ZwChZpwzaBxw2yosIGvVMgag0d4bCO3sGlVjEDhjnH3amgTO0W012NID9HIO95QljAZZmlbXM8iIYERGZAQjg5mRWd8PKKkzgsH4SH5kkPz4kTt37969RgITUEqAwUAJAWUwx97oEzwYHQIALp/9EC/HAIYnGD48yl/DIQbvf4LBAMD4GONnpzaCwWM8eP8R9gDMzt7FZ2cX8y8JwYsPKLyrFzJY9oaP8fZDLwxO8fKXx7hcEC0TCkowwCgIoWCWkzKJdHEZ3/k5/vSDn+M1AHz9K9z94gy4M8LsB0/wygXZ/eJH2PsaAO7j2x/8Bt/eAXD1Mf7yPz7Grar3lsULAG88wR/fGtl/p++rCOu/D2fY+x+/wi6A13/zG/zpr+/nZfPivfW//gF/+YcXJVkRIX9rYRBKQTAAWoJL3fg5xhkYABgDbUwc8XovQ1O8fF5p+a5IBi6hJQegIbmErrxvMUpAKAMuNbLL1e18NV6aoCGFhDZeXfLelQ+bvas8LIfUEhwIrBd14ibtXTHeQjq4hPbD5sLXlaMne+n9gHxoLQPRlrQcutS76ESqL1tBljdZ+7J+WbTk6G8xVfRLvPaomJeMC0jptVVV36JlZFlTW9c0bX4bnpav9+31yzwkbL9o22fdAOr6UWGR9ajd2WaatA9brLOt6VuedNeHydrWNmOaFUFjESJH3+pjLDY5nascZ92U/kPbecR1jHlD27rmaQv7Zq1i7nU+f997770I7yEIIpQnT57g8jKzGFba2so5wsAZbjF5isnYXR6fpUbI/eGR+9ch9gb2X7OJZxydXOAqVOpKDjHIGUTn769fBgCDouF2w7g6w15qQAVe7Y+6i/vr32I3+fed+9ZgG8R9vHrjvvv3GXa/no/39RujFvH2DQOjNbTWazSa9kEGIocxjQbOjHMwMDC27Au9OIxBogZG61QOlgRgHDwNq6GTsEqlk6RWrp7ChZvkWJJl8qErGYgKOERiUNF6rZIQ24iGcqNyzvlaJVlM1q4b/9te9X1hRePmFtE4bVnbAaOgtLusddquZ2UeEpZYOQ37UQRB9JlsTLJV0FiEIIitYJvnEdukrck3a5vzjCCIUHbrg3gMDnHH/XM2PsUsvXGK6fgE+0MbZg/ADBeYTYD9AbA3OARwMRfH1aTc49WGBzC58N5REm50Yr1qK+mDDFaOy/EpLs+OMRv9HveGdeF7yNe/xS5G1vv2jb/DK5wFKk8sDvE6KUzfEIwL3Pr6BW7dATq01DegYCALmBRi2expxYRptvJq4f0CpuxjHxK2jQzuPvMyozpuP89sR4YxDsYAY3TgYDyJi+WvZhbHyviayVqUFyV50V6GxmjpJoMb6hdjYP7Afe62vTGf7iQticzu/wxpWdvLCoKr+Xe6f/rG3co4egeDEBxKmiWjWSYfOpKhQh4YA1NWp6vqefpsuQ43qkNzcRd1LB9XvU4uQZoejUrbbUN55+VzlLWVbdpJr/42SffiOL00IF+mtd+h+hc3T1tjPWsrr7diGQZGL05Tl/qbxqM1jBBgnIMjM9b1i6wtsnlg7GW/7colztjFDkrCCH83h2VYxbe7CQ3TVtmu27aE8yyMCQm7hOQh+dBpnsWqx0v3J0tk8gntRzUmQrsTHDb8OzR3vbTOBeRvkLx1LNevbipHlHpRYNlyW0XfqFM9S4OG9WHqSGRk+YsV36z55xaFCe/3xYTGIls/FkFDmYPa37C2ujkR4m1R39bVRsXXhzX2H1r1uQKpqtNz4boc886/tzr8En2NmrS1/WY1zjMElFnH32OCIFZDoPH2fuo9WmX0xOA+7sAaby/HF9ZTd3iCBw+BydjzUvU9d3PPP8bbyRbEJdsP58I5L+DZ2TEuh2VG1D7IAGByiomLY788pg3gAreuANypDvH6zv25a7eu5rcrzsIe4tVb3nbMf1iw7XIVld66L3D7i3/A7dD4loBLBZl8CT3qt0DxtzqyW9HOh+aQatGWId79eQmgpYTUpkXYEBkYhFQLVufOb03nb9dU+oTkCBkrMiHn42MCUokFMkhIwQvdNAOtJGSh3JqUcRsZ2hDWkeYQstgVdTjZGIq6WrZljIFSGkJyWL1V0FJC1QwuCpJnEwVJJzkkKauEc3CoSJGX5ENUGRiElBAl+gsgvy2aLNvmyrte2EKoeR3y2hCjoeF7AnhxBunkEtQOiBrK62TjUjb4BoS2k/5Wd/VUloXXrtt2rD6u8K1cQ9LWXM9YS3mZkIWaU96ud66/uWjcREGv2zoDrY01ZHEJJSWUZhCJB6rvLQoARkO5jOYdSdDpt7uyD9OApmkLmHAxIWGbyuk/WtGPKut7dp9nsepxeH+yTR+8swlJj+7bnZAybvEdavidD8nfkLQ1oXW/msuShVnLjQOaETrOalhukftGzduHpnpWkK0rvHzI4JCKp7/K+gPN0tbiOx8bGots71ikURsVUt+WmY9aRJgMzQmrb83LOEIbtQJ9iNN/aBI2vM8VTt08opOjizFvy7S1n8OrSVuLb1ajeNPom9eLzr/HBEGsjGBbWQizs2N3/i2wNzzBvdRoeoqXzz4q92idnGLy7Bgvnx3jZeVZtHkD7OcLzqztgwzbwQtrvAWQ83ZNuPNzzH7wG/wp9/eBO5+2wBtP3P0n7v4L7H7xD+4c3UDKjLd37uN17q9FvKHwrINolIAQeWNe9UeyeEbN8kY9ADBaQgjpzlGwHdgqGULChqEhBYdIOxoc0p+541kHySgBIbPOrlECnIcaDgCjpM37ND0AjIIUIr3uR2knxLjriNtn7TsZuChMNDYs41AZVkXlgNzbPosJkU02+avy/FXaWkLI5DcDlwpKKyiZ7zSyyhduEt52ly1ZPh+WlwGwg3mR6q/sTA+D6lDuQatfxmgoKSGVp2OhOtlW9qRsGqxmXSgv3MApl78ibb8WfwMWt5PcG3Bqubj9yJXFXLteXhbFfPRtGcvrbs03oAWh8ia6nuZDoSyi6G8kuFRQqv6vTRYbJTN95TLbOthoSO/bHIulvt0NdX0byZ1XqIvtTj4f+pRn4e1OfX+yXR88Dl22O2Fl3PY7VENA/rZuUxewXL96se7EkHdO/ppxVuNyi9g3CmkfQvQspA/TGK/ss4lp7emDKBhuW7Z9a/jOl0NjkTo2eSxS30YFtOuRvoXRvi25l9SNs0K+mxHaqBXpQ/f9hzbft+7Hb01oPebtKG3R5vACv1khhORDlO8xQRArozPj7bwn7iEG73+SbhE8Gz/Fy7NTzCYABke4593L47YYHp/ismpL43Sr4gtMqgywvZHhhnB1httf/Ap7ub+PsVu2ZfHVx/b+/zpzBuH7ePXWB5i9sZwIt64uAIzmjchv/Tz6mbf+dhpaGxhjsk6z3wHIPVQ03HY0QWoUpNSu85vEySAEXy5smBBQQkIbwGiVpZ+x1MCX5Zk9F9Bor1PcepDp8r7gTZFcy1/2BqJaQigNY+wqbJ2E4DwN3byMQ2ToA9ab1sKRJJmLZIVgdm5j+oSWEJxDSOXKjIFxCZWsDtxwjMrKMzdA21QZmEBapVNd15BtRwopYXWoSDqJpjV0zvMhXCdXQbW8ALSClNboJZN8SAfxrGLxRE07WSg3qc2CcvPKwm/XvYFZln+p0FBpHXbPdTaQq/8GhBMor1GuLKq+b7H0Nw6mgeFWKVXe31gIg/CMvkYn+QbbT2lpEA6j5be7sa6vjhBvzuU8Pwv6Kz39dfnGUv3tU56Ftjsh/cmAPngsOm13QsoYLb9D9TTP3+Xa1Gra9qvrdCeWvL4IDcZZjcstVt8osH1oKm9QHyaMtOzzF0v0ZLm2b9Xf+dy7aSzSkE0eizToKwe069G+hZG+LUWqyyKwjKO0USvQh5j9h8b1Isb4rQFtx7ydpi3eHF7zb1Y
<p blockindex=46><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB4AAAADoCAYAAAAOovl/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdT4wjx50n+m+1yt3FgSCJAYwL6IJsQlHQZXt7jQfkXgwIPExVHscYzIEHHXh4gKQ+LSDIuvI4bWGAOdVINx50IPAMQz4m2wdifNhD+i3kRs9l0NGgR8+9KD1MsEsYu6rkVmsPmZEZTGYy/zCTZFV/P0BbLjIZjIiMzCTzx1/Ezquvvvo9jE4fw2EfHUwx7PcxnGLB3tGv8PaRBABcPPg7/NsDhdff/T1+fBcAFE7/8e9wepp40f4HePvD97FnvWaZvf2gfJwqXKQ9X6UOEYn9D3+F/X0ADz/Cw8/HFepglWG9X1q9Vqlvpz/EsN8BpkP0+0NMs5pURt4+vvUe/nz4Hl4AwDcf49WvHuDFa+/h4s3wMTzBzcd/j5uXAPAWvj38Jb69BeDyM/zV489wI+t9U8oFgBev3cef3zwKN3qAvX/9GLt2ufb7vXYf/2m2tcv44S/x579+a/5x+/0y6lZf/3YxmAzQBQCrX6PyAUyHffSHUwAd9IdDBA9b+yDaLwAmA3QHk8Wy5x7PFr/vBIPuAIuvyKhDd4DJIGhFlTp0BxMMugj7c4KueY/JAN0BojKCvkCJfrD7N25T9H4l+maZuLysfitcUmp97fEQ19faF9E47KA7GMZtsx5vduzY5Zu3NuN2VXl1sd577vm0/ikn7TiM93XyPNhBJ9gU0+nydypXbj1tSZo/5sLyrPFQ7bxTw7ap55Iy+7jcMV+0H+7du1e1q4mIiIiIiIiIiIgac//+fZydndVa5m7ZF1w8+Aind4Pg597Rr3D3KPHcQiBTYv/dIPgLjHGaE/zF/gf4URgszgrQlq9DSbl1UDj9/FO8/uH72IPE/oe/x7799Omn+HernY3Xtymv3cd//pf78d+XD3Dzq4/D4G/CrfdwcXiU8oTCzccfzw+01+7jz4f38eKW/eAT7H5ltnuCm18/wLdvHiEIMv8vPL+EtX3wvHHj65/j5mthwDhZ57ULghmdCdDtdoKHpkMMokjQFMP+AJ3JAF100B9O0J1O0TFRJ0wxHE4aruMUw8EAnaFdByCuwhD9FYOphepQuB8mGAwmYUCpi8FkgimAzkKZ2yJZ3yGmU1hts00xmUzR73fCgFUHE3TRTdu08bFj1cX6+6qbDgcYdoMAY6c/xKSfeG4a/93pD6Kg7mTQxbLDoEy5QeHWfp1Oa/lBz2QywbTbRafTx3DSxWQyRafbDY8Ne/+VGTtTDAdDdId9dFK3DcZ3vG0T55Jyx3zxfiAiIiIiIiIiIiJ6OZQOAAcZq/8NZ3c/wP7REW6Fj509+BSnD1OCu3eP8ToULk6BywcfIT9+rXD2cIxLADjNChaXrEPCxcMxzvaXl59bh9N/xr/9fIzXj97HG3dlUIdThbOHaXVYrb7r9QS73zwIs32tx84eYPebJwtb3/jmAXZvLTw899obGeXeCAPJN84+w+43ZrvQNx/j1ce/wbc//Bs8vyWj7W988xlunj2IXmve4+bjv8fua+/h4odh5jYUbkCGGcB5ba5RGNjpdMIMwukQg8EkEeyZYNDto9vvox9GhKbTKaaTIYbD5LZTTCeTIBs1JyMxfskEk0kneO2SbdLqMBkOMZkkX1esDtPpBJNJvM10MkFQDevvuSJK9MNkgG6/i36/HwXRpnYQrWjfLBHVf1m/FTUZoNvvYzDoRkGraRAFXghiTYcDDGD6oIMOJpgMJ5iiGwTS5trW7NiZTiaY9sMsz+kE9cXN8uuSHC95j5d572G/i0m3j37fCgoOhxgmGxgdO0XerkS54XPTMJA5DQba6iYD9Ptd9PtddDudIEg7nWIynQTH8lw1Soyd6RD97qTgtsXPJaX2cZljvlQ/EBEREREREREREV1/O+lTQCO6UQ0AmE5SggtUvw76g34cIDIZY41MAf0y7uOm+jeerrS+KXPp+ik/nffaWeeHvAxYoquGU0ATERERERERERHRNlrDFNBTTCaTLZ5a9SVjMvBqyG60CuU+NhrpX6KrZ259YgCAyYYmIiIiIiIiIiIiIqKrZj4DmIgqiDOLp5Os6V+JrAz0uXWht4C9Pi0SswMQXRPMACYiIiIiIiIiIqJt1EQGMAPAREREdCUxqEtERERERERERERXXfNTQHf6GAy6i9MDTycYDGpag5aW6GIw7Dfb/y/1Pl5D/xIRERERERERERERERFt0G7ygU6ngw6mmAyHiGeynTI4thZTDIfDKEDZ6fbRt+dlrcnLu4/X079EREREREREREREREREm7IQADamkwmylzKV2H/3E+zfldEjFw8/wr9/PsZFYsu9u5/gR0fH2NtH7rblFK9D0uvv/h4/vgvg4Ud4+Pm4ehX2j7F/9P58HU7HOP38I5ydVqnvFNNJHIjtdProV69drtR9fOs9XLx5hBdzDyrc+OY3uHn2ADcu7cffwrdv/gLPby15k8vP8FdfPcgoN6Nse1vz+oX3U7j5+GNrAL+F52/+At/eegsvbgHAE9z45gH2vvoMN+IWr7V/03XQHwyC9VanQ/QHk7XXoHodtngN2yxhxnu30wn+nk4xnQ4xGGzpGreF61tmX2zDmFsHK8O/8Xa+LH1KRERERERERERERFdRZgA42zF+/ItP8Hr418Wpwt6+xN7dT/D2u5gLqO4d/QpvH4UBz1OFMwCvm20/PMIf/vEjVJvRungdFtz9JAj+ruwYP/4wrMOpwtmpwq27x9jbP8aPP5Q4/ce/w+mptW3V+m7Ai1tvRYHaG5fh3399hOd/fR83/v+/x199/STeOAq4AjcunyyUlV3uEwBvWWX/Dfb+NQ7oRtteJgqJ3k9ZD76Fbw9/iW9NIPrySbDda+/hz//lrblyt0Kng04H2GgEslIdOuh0u+gCwGRS9sXr1+ljGAUEgx87dDodYHES8O1Qqr4l90XR/d3phO82xTRv221k6j9d03t11vRem3LVxwMRERERERERERHRS6p0XGzv6P0okHn2+X/DHx4CuPsJ7r57HAZXx8Fj+x/gRyb4a2XaRkHh/WPsH32Kswcq7W3qqUPS/gd4+93j0u+X5vV3TUB3HAey95/g7Q/fxx4kXr8rcRq2rXJ9N+2bj8Ps3SNcHN7HcwAv/vqXuLj4v7D3TWLby8+w99jOti1QLgC8dh//+eYRgCNcvPkbvBpl+xb34oe/iIK/u1+FdbPK/faHn2H36+XBaSpiiuFggAmAqxAN6nS7UfBqOBhg2xOWy9W3iX3RQX8wRL+DIKu1z3WxX24cD0RERERERERERERXVaF4XewY+1FG76c4NUHLhw+iTN7X7wYB1r27R9gDACicPogzXC8efBptu3f3ONymmTrMk9h/9/0K75dGAhjj7OEYZ1Z7cKqihNW9fTPVc9X6bpHLB9izArPPXz+qr+xvfhP/CsHKEC7uLTx/7a3w/z/ArglMW+W+eC1t6mkqbxpMGz6ZYHIFAsCxq5a9WKS+V3VfEBERERERERERERFR08plAO9LmFl2Lx7aa9eO8ezhJ3j9brDNHoBbUQBU4WJhPdzlouDpqVpcz7dEHezX7h19gn1rHeKV6gCFs89Tpq+263aqVqrv1vnmN9jFEZ4DwGt/g+d4sCXTKstoCuq5YDIUbnzzBDduYXEa6YZ1zPqtAKYFgnNFty9Tbtk6LLxuOk3P9oum2C32fLF6hFPpBlthOgU6nS46HWA6nZQO3pr37Mw/GP2dVY9CdV1ov6l79SBz1frm7oviNQjb0Jl/NOqP7LY11WeFx2+nG6zDi/qT0ps5ju2xjhLHWV6fFSy3UF23bTyUaxsRERERERERERERlQ4AvxVl0F6eZkzdvP8WbkXPSwASe/vAmQkCWwHR9ADvB/jRh2GmrjV1dJU6RGVb01FfPPgIZ3dzgsF5dUixt/9BnGF8+in+3UxtXaW+W0nhxiUQ77xFL269tfBY1rrAwbYSz98MppYGgN2vC04hbcvMGn6Cm1/9PW6WLW8Fnf
取证完成</p>
<p blockindex=47><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA40AAAOzCAYAAAAcJOPkAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdW6xsx53f99/hTbwcklukqJEoalSSbCUay4FiQ0GieDIF5yGxMk5kv0ljA38EwQRg/DCJkUFsx5mC8xYYCIE82UaAQpBgEMRAToDEiGQ//BHbI8eJnSNBmJHnhv9gbtSVmxRJUSSlk4deq3v1Ze3d3WdV7727vx+gcXZX16qqXr152P/zr8utX/zFX7wnAAAAAAA2eOCqBwAAAAAAuL4euuoB4P698sork7X18ssvT9bWvuP67Gc/O9kYAAAAANwfMo0AAAAAgFG3bt++zZrGG+4LX/jCZG1dh0zj3bt3t6774osv7tUHAAAAgO2QaQQAAAAAjCJoBAAAAACMekjJVEpWWioOhbuquyKuZFwXyCrVlCSFF5UaVzwetJVkZfZ5KyqfNwAAAHBgD0lSSmkeNEZ0zy0rmxTVZPf7RX3efkwThA7Gi2OXlHJWliR3SXGVgwEAAABOzvKRG15kxaWUVWpRlpSsqkRW8X27SLJSZUlSVJlVvvZjB6FailzSNUx7AwAAAEdv85rGcJVBlJhzPsxogDWzqdLuLidoBAAAAA7uodFX3OXqpgXmrCyfZXvmklIaPI1YySD2r6fl0vlFY1NVL2t3pW4eTH31S+ru0u7WdYfvSYpLApt53Uva3M5snL/zO/ffUu+5Z5+ZrK0PfOADe123duRGPx15knsGAAAAYBfjQWMf1KXV8qRcikpee2Fp/WOyomordZKpVOueuEoug0B0u3aXmyuqK2P2uro5zm7t5lK3rpusqNj6JkLrY5hfMN/ER16U95/zOxir9Ff/6l+5r3aut8VU6SnuGQAAAIDdXHDkxjATuMi8JVsEYFGLzGy+3jFZUR8n9q+ZFc3jp6gqZvNyH/S2bbtro6xl0EdSXqm7U7t5WLcb5yAIXm63qnYB43K7Sdlmwdz6YF21FJUyza6vXmZjBAAAAIBWLsg0jvCqEtJwOmi4K3JW6oPL/vVYvzzGphhu3e6wsapSXSGplqpcTUlJZlm1jwx3aHc4dda9G381madu7H3HWdZHkF5kddZXlCL3WVYs59zt9rk0YLlvfPd7mo3x+ec/OGGbAAAAALBwQdA4XNe3CAAjXBGztYTZbPbn0gLA/ezTbrgv4sguGE3SfA1c7NhuuCusCzxrVXJXeMhj5bzK4ZEfuazHhitjAAAAAICbarugcZAdTLmolH4dXygi5C7lDesAd3H/7W5eg7lTu1Fl5srZZDkpZ5OyZPPX1o8LiVpUNmYP2bQFAAAAwM03HjT2B6pLg6Axy/oAzKusdEFUMtVs63vmbG2/dtPSnNVNQe6u7XbZQS+y2pXkolrybBMb8/XNcNLyjqkpLzbGuWwn1UnkIr39pfb9AAAAADhJGzfCSdlmgZIkKVS7NXtL0zLnmbQkKxcFjGNHaww73KddSdnmm9Mks3mQOw/Wdmw3l6paq+rg9Y1rMMM1Ty4OxqBks01uRnZrnQ0pzR4Xva9tpeHnBAAAAADTW840rq7P63b7XOx+6vLogqRc5DW0fKDhZj6bDzoLcmpW9FnB/giFPduVkqy68rB61MXOpDu26/0GOclUPcs9BpnD4SY2oWpFyYvyfAyxtJHOPNBeGu6UR25sEVQDAAAAwH168JH3v7+cnUnnMVvvN3u4an1J5aU7uns+rH6uu3dcoTOlM+lc0vn5Xd2547p7fq7zLsMXd0NLl3WZubN0Nm/n/O5d3XHX3Tjfud2UzhbjlXSmc52fn+vunZdUyp1BZnDH8Ybrjod0Jp3pTGdnZ9L5ue7evaNaiu4sGtbsPMZF25IWY/iFl+RLN6BzdqbFvXb53U2VttWPL/Rbv/Vb99HOsicef2yyth5+5D17Xff1r3996fni816/Z5/5zGf2Hh8AAACAy926ffv2vaseBO7PZz/7b0zW1nPPPjNZW4/ffmqv6375l39567ovvvjiXn0AAAAA2M7u5zTi2vmVX/nKVQ8BAAAAwJHauBEOAAAAAAASmcaTwBROAAAAAPtaDhqTqfTnGg6Fq/RnHOKayIudWIf4rAAAAABMaC3TODtDMOS1Ls4inJ9xiOsjVGudB40pm2zkbEgAAAAA2Nfo9NTwwQH2S5Kymcbik6iDcx2HcpGXLMlVcpHvOND2Fpm78LI46/FSSVbK7H5Eld3X2Yu7CIUvgvmUTHagngEAAACcjj3WNCZly8qSpFB31OHwZa2lJZOplrx7V5cOJXWZtg3juK/29rguaf19AwAAAMANt3vQmBcBYzXbnFUcSNlUyoa1d/ctyUqVJc0yfMY6PgAAAACY2s5HbqSUup+2yO6lVgEjAAAAAOAQds40zoPGkNIg6+gbF0CG3F2qRWGuaWaodlNBV0LRy4PZ/rq+2kWb+ySlPJj66tNtBJQGg4gLo+5dxgsAAAAAbewYNGbl3P2YsmwpCgx5XdlAJly12xhmWPN+JCuqllYLVap1T1Y32knKpahs2Lknqsk2zK9NVlSXa66/tz3GXWz1OJPN7eZSdxovAAAAALSy2/TU4UYxXmWWla3fLTUpW9FqPDe1qEVmJrPBLq1RVczm5T4csi0Cxv7afoPTdMF4Z3WneW/JqmoXMC6PISlbXc7A5uF4u/fUvdGLxgsAAAAALeyWaYwqM58FP/Opla5qRcmLspLM8jy72Mbm6acxNn3Tq0p013XTTMNdkbNSPwV09cKoKtUVkmqpytWU9n5vWdZHel5kdXZ9lCL3oiwp5yz5rHw4zda9e6/VZJ6697lj9wAAAABwH3bfPXVjcNYFN0nzbOR6nasR4YqYrVHMZrM/lxYLbrjGfTH+7v0mab/3NszO5tLHhhvrRN+3dUFqrUruCg95OAEjAAAAgIPb45zGmyXlolL6tYShiJC7lDesGdxsEBDfp6hFZWTDoFhUkpkrZ5PlpJxNypLNX+NoEQAAAACHs9OaxmRV7j6fVjl4ZbHT57Xa5XO2WU+SZmsw82zNYz/1dExaykRO995S6qbRdg+lpNQ9lvqTFD5b+5hzli0WYaqwqBEAAADAAe0UNC7WMQ7W6XW7k+bumW+cf9nCNudEDqaGzrN5SXbZ2ZHZ5hvOJLP5e7v4iIwR4ZonFwftzs6wLLPHIOuZS1WtVXUwxtH1mgAAAADQ2G7TU72o+Oy8xWRVnkPDwwTDi5rugbM6nNk8UymZas2KPivoRbl4F7B1gVou8ro83nFJVl1Lby/qnkduxPJGQdWVI5Y2vKnd5jj9e4qclZKpepZ7KOXF9NrN52ECAAAAQBsPPvLII2X+7OzT+vznP60znevunTu6e75+QXiVh3SWziRJ5+fnOr97Ry+Vl/TSnbvjPaWks/N+TeFdbWh6d10Wrx+LdK7zu3d1x11341zSue7ecYXOlM6kc0nn53d1547r7vm5zrvMYdwNnUtK6Uzn/fRRSWc61/n5ue7eeUml3BnJ9p3p7OxMOg9FuHzTTVPI62Ickhbt/sJL8uEl4brjIZ1JZ/O2z3X37h3VUnRn8yB09unP6/OfPpPO7+rOneX7+5nPfObyewkAAAAAG9y6ffv2vfmzZKrVujV1wx1EXfWSdYA4tJVptikrJ23cLOfFF1888NgAAAAAHIuV6akhd59io1AcWr92knM5AAAAAExoOdOIo0SmEQAAAMC+CBoBAAD2xD/MAjgFOx25AQAAAAA4LQSNAAAAAIBRBI0AAAAAgFEEjQAAAACAUStBY5KVqlqriqUrGRAAAMD1wXcjAHhorSQlpXT4gQAAAFxLfDcCcOKYngoAAAAAGEXQCAAAAAAYdetn/+bfvTecop/m8y9CEYvyqCbPVdtM56cudalLXepSl7rUPZa6F303+tZPvXh5owBww9361Kd+9t5inn5SNlNOUnhV9ZhXjHBJeas5/dSlLnWpS13qUpe6x1H34u9Gn/scQSOA43fr9u3b9xZPk6zO/nUtqslqXNW4AAAAroGLvxu9+CJBI4Djx5pGAAAAAMCovY
<h5 blockindex=48>扩展思路</h5>
<h6 blockindex=49>自定义前后缀</h6>
<p blockindex=50>后续发现一种更便捷的方式，不用修改boundary，自定义前后缀，在sqlmap发包的时候提供</p>
<pre blockindex=51><code class="hljs language-js">preffix=<span class=hljs-string>"pay`+/*_*/where"</span>
suffix=<span class=hljs-string>"#"</span>
technique=U
</code></pre>
<p blockindex=52>这样发包会更精准，由于提供了前缀，sqlma后续不会从boundary取注入符，会调用默认的clause和where去匹配union_query.xml里的test模板，免去了其他符号的测试</p>
<p blockindex=53>完整参数</p>
<p blockindex=54><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB04AAABaCAYAAAA/1nUTAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nO3dT4zk5pnf8d/8n5JmZBcly1GP196A7bGAjDfrBPRljcmeuhDEWfvYZwfJAn01IF9zDrDXBjaHnOvqxFigGnsIAuQSrpxsYqwdZRh7F/HYXkssS7LU3fLMKAfWU8V6u9nky3pZxer+fgChNd2st16+fPkWiy+f97n21ltvfapATk5OQhWlu3fvBinnr//7D4OUI0mP/uAfBytL164FK+rjjz4KVtb9+/eDlXV6ehqknI8++m2QciTppZdeClbW3buDYGX11XSaBynnw/d/E6QcSbr3mShYWfr0RbCi/ubHfxOsrG/80TeClYXN+O2HHwYp517AMfnjjz8OVlbIsTSk44CfF4OX7wUp56OPwrX7yy+Ha/e//WkWrKwv/cM4WFl99N67vw5W1vMX4T53Xn/988HK6tI155r300+DffUAAAAAAAAI7vqmKwAAAAAAAAAAAAAAm8bEKQAAAIBOXL9+Xdev85UDAAAAAABsB+5iAAAAAAAAAAAAALjybm66AgAAAAAuJ4s2ff78+YZrAgAAAAAAUI+IUwAAAAAAAAAAAABXHhGnAAAAAIK6deuWJOnFixcbrgkAAAAAAEBzRJwCAAAAAAAAAAAAuPKIOAUAAAAQhOU0vXHjhiTp2bNnm6wOAAAAAACAFyJOAQAAAAAAAAAAAFx5RJwCAAAAl5xFgpquco/evFl8vfj000+XfgIAAMBHpsnhRJkkKVKyv68k2nCVAAC4Iog4BQAAAAAAWyXPUqVppjzwtgDQD7FGByPFkqRc6VHa6Ri2bePkttUXALBdiDgFAAAALolr165JWuQYtZ8WcfrJJ5908r5WvkWcnp6edvI+wNWQK50cKZtKGibaH8WbrlAPZUonqTLFipJYFwdh1WybTXQ4ybQ8SbGsuEGfKivfoY9ijfZGiqP5RkrTJzU38SPtJsniNV6KfpGWKhHFI+2N6vZ/U+XONGhfH3k20VE6VZ7P6htFioax9kbJOfVtvm9dlQtHnmpylClbaufknLbLlU5mE4VRotGVDbWMNdpPNB6nyvNUR2ms/U7a4qJxMlc6HivNJUWJ9vfPOyfaWKVcn8+Ac973qnzGNj7fvAq9Ou23KT7HbWvG1EW/GSZ7GsVTTcapppLivS2Pps8zpWm6fE0QxUrK14iYWcf4Ea6vE3EKAAAAAH2R58rzXHnoEIquykU3prPj5fMan2O85f0hmxTLV8aj+om4C7fNU40nWV0BGk9s0jRSHEfFzcg808Ru+heFKZ9ONT3vvyxTNvuvXZNnmhyO5zfloqi4CZRnk/r6b6TcmSbt62NWrzzPFUWx4jhWlOfKs1Tj+ZKm842b71tX5WJZnmo8Tosb/NbOxR/O2Xiq3M6bfLreevbNbFIxjmMN824iLC8eUyNFw9n/DqOADwe0L9fnM+BcbT5jt43X+ebpKrTfpvgct60aU6fKs3z2cFIk5bmmW3wdupBpMp4U1wRRND8G+ZlrxJ7Z5PeAzsePcH2diFMAAABgy1hkqUV6uhGmLss1+vz5807qQ27TUHKlRx1FdXRSLvrD5xhveX/IU6WZpChRUnfH/IJt8yzV0aRu6ctME5sMK7fVPIoyV5blSqKoeKp9PzmvEkrH4+LmVJy0iqrI03Q+eRePDjSKS3XIJppks9/1pFypaft6lag0zayyiyiF2Y3jXJnSNFc8a+Dm+9ZVuXDl8wcHIiV7o5pzYahkNNKuJA2HF214NUSJRqO6jUoRXfFe8yib88bJef+PFI/2iuNgf8omOppkytvkXQ1Rrs9nwKXT/Bj7nW/oC5/jtlVjap6rmMKaPTAxtYmzoaIt7pv2EEexOsDsQY75OFe6RuyVLf8eUCtcX2fiFAAAAACADuV5pmmDh56Hw3irbyB1b5HnL07qbvRcsG3ecFIvlxRHiqZSvFcqI95VrEyZpDyfShdNU6dHs4iDSEmru/zFxJ2k5YmCUh2yJ5kU+5bdVblq3r5epvPIiCgq3QiLIg3lxtf47FtX5aJakxvlkaI4THTjlRp/p7MIosZdsGqcjDSMpDzPlU3Gi6jrbKKx/SMatjg+q5br8xlwSXkf4+2emLq6fI5bn8fUWX+d2qfpUJFKkY5REX26nZ20OBHjWFKULE7J0vVD3TUiuhCurzNxCgAAAPTU9etFBOnNm8XPO3fuSJLu3r3rVU5XkaYW4epGnN6+fVuS9Lvf/a7T969lywBF9uXJvqhHAb6fO8sbRat8QbOylu9CTBd3FZbrO1/eaPn3S7n52pTbBxVLN0VVFW1xjPPSgTu33Mbtu/jd2XKW6zFNJ2qyimc8OtDo3CpV1dnnGLftZ8sqj8XSe8w3vvC8OK9NL5SlxSRkPKqP6rtw22I5tTgZKUoPq49NFGt03hvNIyecybazlVhMtLWMNl16r7icsyzWbixlmWaRG54567oqtyixWfueqdJF/aG4MZzlzo3I0n4Mo7O/q9+3rsrtiR6Mqfb36fIv5/VqXpeKv9eM1d7jb0djX9PPi7WqGiejWKP9g8r8zkmSKGmTvG/Vcqvq6/aVun87aq8LfLbr4rrEQ7vzLeQ1bftyQ7ZD9xrsW1W/O2fs8jlu2zSm7qZjZ9tMk3HpF3mqyThdrODQkW7G36giDUTTa8R1a/+90Ofc9D2PL9ze6bONy67r6+52tq3zOiZOAQAAAFxCRc6ZTCry/ihb3KBbaVmiXNnkSJOlu31W7L72W8yM5OmRxm4SnNmNhEKs0cHii3k2vwmxWM4uT8fzMuzmg2+5m1c6ZmcUy/qNlm6o+h3jPJ3oKHXzw50tt2n7Kk91NC4iX5aPfbE0a3kJrHh0oINWTTLR4aH7y8Vx8znGfv3B91hI2WTsd16U2k/xSAe1d8xsSdUmkZs120axkpHtqb/y8njxBTf5F8u6to02VWk5u9IE3pk3Km7SeY0+XZUrtWvf2v5QtHWa57OcpCMlu7lSi2wtR4B67VtX5fbBhsbUpLSEaPm4Lr3Polbn3zAv1aVifGg6VvuNv75t1vCawOPzYn19p8mYmi8Cxea/mgaIJm9TblV9nWUn97Toc86/i7YvvbTmM3b+Dk36elFg+HPIh/f5Fv6adv6uHtcEwduhY832rdQvl8awc5ZJ9Tlu2zamxvvaz6VpdqRJms/OyVhTe694pP2k66joTOls3yvH30bXofXyPJ1HxStKtNej/tvme6HPuVnuK0tbV40lteNv6Vw5V9X32Pq+rtmy5+k557FKr7v57rvvVr27t9u3bgcr67+laf1GDfzeF78UpBxJeve994KVdf/ll4OVZU/4h3ByfBysrLuDQZByLLIihOn0N8HKuhWwv7/3XsDz8I5fBMpFPvjwwyDlvAj4jEb+7q+DlfW5118PVtbD3S8HK+u9gOPyq6+9FqScZ89fBClHkv7up0+ClfXGF74YrKybFXkB2/jggw+ClPMiYI7AX/3yl8HK+vLDh8HK+vjjj4OVdXxyGqysG4HG0pDXWe+/H24s/QcPvhCsrJ/+7G+DlfXaa68GK+vOrVtByrl9O9x1yP1XXqndxo3gdHOZWkTnixd+4/Lp6enS68umTdZaqvDKbJ+s/Pv370ta1NsiTy3i1CJQ2+RAzSZjpU2WhUr2z94syIslFKMoVpzsFhFG3jWYFZUubjBFyUh78XD+5T9Pj5TGnvm+JEXJnvZjSZoqO5rMb6aM9mIVzykvPy0bj0aKDyfKZkvWxXvS0TyqbRGF4VtuUz7HYvdJ++MWxSPtJZrVvbi5l1blPas5xuUv82fLHWtSusnUtH0VxYqjVHk+myBLLLfR4kbpclRaW0XepOF0ovEkk+XdPBjFXsd4lf5QeyyySem82NdeLCkrbtBUnhdRrMTCaxvkIJovedsgctNnW295WuoPF5UfINr0KmnQH6JkT6N8Nt5mpYiXKNZor/2EU1flNrX1Y+rSZ2Fe3HyPZmNqlGivGHgWN84Va7SfyI5y2xvmjc
<pre blockindex=55><code class="hljs language-js">--proxy=https:<span class=hljs-comment>//127.0.0.1:8080 --prefix=pay`+/*_*/where+false --suffix=# -v 3 --technique U</span>
</code></pre></div></div>
 </div>
 <div class="post-opt mt-30">
 <ul class="list-inline text-muted">
 <li>
 <i class="fa fa-clock-o"></i>
 发表于 2024-09-09 10:00:01
 </li>
 <li>阅读 ( 245 )</li>
 <li>分类：<a href=https://forum.butian.net/community/Pen_Testing target=_blank rel="noopenner noreferrer">渗透测试</a>
 </li>
 <li><a href=# class=report_btn data-source_type=article data-source_id=3708 data-toggle=modal data-target=#send_report_model><i class="fa fa-flag-o"></i> 举报</a></li>
 </ul>
 </div>
 </div>
 <div class="text-center mt-30 mb-20">
 <button id=support-button class="btn btn-success btn-lg mr-5" data-loading-text=加载中... data-source_type=community data-source_id=3708 data-support_num=1> 1 推荐</button>
 
 <button id=collect-button class="btn btn-default btn-lg" data-loading-text=加载中... data-source_type=community data-source_id=3708> 收藏</button>
 </div>
 </div>
 
 <div class="widget-answers mt-15">
 <h2 class="h4 post-title">0 条评论</h2>
 <div class=comment>
 </div>
 
 <div class="widget-comment-form row mb-20">
 <form class=col-md-12>
 <div class=form-group>
 <textarea id=comment-content name=content placeholder=写下你的评论 class=form-control value></textarea>
 </div>
 </form>
 <div class="col-md-12 text-right">
 
 <button type=submit data-token=hv4G4JoJh8iT2bkEDuman72c3kcwUn4z7xUbH6hd data-source_id=3708 data-source_type=community class="btn btn-primary btn-sm ml-10 comment-btn">提交评论</button>
 </div>
 </div>
 
 <div class=text-center>
 
 </div>
 </div>
 </div>
 
 
 </div>
 </div>
</div>
<footer id=footer>
 <div class=container>
 <div class=text-center>
 <a href=https://forum.butian.net/>奇安信攻防社区</a><span class=span-line>|</span>
 <a href=mailto:butian_report@qianxin.com target=_blank rel="noopenner noreferrer">联系我们</a><span class=span-line>|</span>
 <a href=https://forum.butian.net/sitemap>sitemap</a>
 </div>
 <div class="copyright mt-10">
 Copyright © 2013-2023 BUTIAN.NET 版权所有 <a href=https://beian.miit.gov.cn/#/Integrated/index>京ICP备18014330号-2</a>
 </div>
 </div>
</footer>
<div class="modal fade sf-hidden" id=sendTo_message_model tabindex=-1 role=dialog aria-labelledby=exampleModalLabel>
 
</div>
 <div class="modal fade sf-hidden" id=send_report_model role=dialog aria-labelledby=exampleModalLabel>
 
</div> <div class="modal fade in sf-hidden" id=payment-qrcode-modal-article-3708 tabindex=-1 role aria-labelledby=exampleModalLabel aria-hidden=false>
 
</div> 
 
 <div style="display:none;position:fixed;top:40%;left:50%;z-index:9999;transform:translate(-50%,-50%);padding:3px 15px;border-radius:8px;background:rgba(120,120,120,0.7);box-shadow:1px 1px 3px 1px rgba(160,160,160,0.6);text-align:center;font-size:12px;color:#fff"></div><div id=windowLoading class="modal fade sf-hidden" tabindex=-1 role=dialog>
 
 </div>
 
 
 
 
 
 
<span id=cnzz_stat_icon_1279782571></span>
<div class="geetest_panel geetest_wind" style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
 * Pico.css v1.5.6 (https://picocss.com)
 * Copyright 2019-2022 - Licensed under MIT
 */#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:0.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:0.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:0.5rem;--nav-link-spacing-vertical:0.5rem;--nav-link-spacing-horizontal:0.5rem;--form-label-font-weight:var(--font-weight);--transition:0.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media (min-width:576px){#mount{--font-size:17px}}@media (min-width:768px){#mount{--font-size:18px}}@media (min-width:992px){#mount{--font-size:19px}}@media (min-width:1200px){#mount{--font-size:20px}}@media (min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media (min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media (min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media (min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media (min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media (min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media (min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media (min-width:576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:0.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:0.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#F5F7F9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-c