Single quotes injected with order by found the two column. Found with union select when the select key is filtered
Injected with a semicolon try to pack two tables show the
Each query field
flag in the table 1919810931114514
method one:
There are words in the fields id, id should query query field statement for the form. You can guess sql statement: select * from words where id = '';
Because there is no restriction alter, rename and change. It is possible to check the flag by modifying the table name. Just put a name other than the original words, words 1919810931114514 table changed, then the id field flag can be changed
payload:
1 '; alter table words rename to (any name);
alter table `1919810931114514` rename to words;
alter table words change flag id varchar(20);--+
(Wonderful ah ~ ~)
Other methods subsequent updates