1. Level question
The question suggests that this level is an injection vulnerability
2. Check the page and find that there is no access to the database at the URL. There is no other clickable place on the page
3. It is suspected to be an injection of header information, use burpsuite to check
The header injection has X-Forwarded- For, User-Agent, Referer, cookie, host
4. Exploit the injection point
Explode the database:
Explode the table:
Explode the columns of the flag table Name:
Explosion flag: