LESS—5

查看源代码得到

$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";

采用的是 ' ' 闭合，若直接使用/?id=1 and 1=1，则在sql语句中是

$sql="SELECT * FROM users WHERE id='id=1 and 1=1' LIMIT 0,1";明显是错误的

所以要/?id=1' and '1'='1这样写，写进去是这样的

$sql="SELECT * FROM users WHERE id='id=1' and '1'='1' LIMIT 0,1";

再报个错

 $sql="SELECT * FROM users WHERE id='id=1' and '1'='2' LIMIT 0,1";

再查询一下字段

 $sql="SELECT * FROM users WHERE id='id=1' order by 4 --+ LIMIT 0,1";

本栏目推荐文章
• upload-labs
• devmapper: Thin Pool has 162394 free data blocks which is less than minimum required 163840 free data blocks
• mx master 的国产平替 keychron m6 使用体验
• rCore_Lab3
• Kubernetes Multi-Master Node Cluster
• MIT6.828 Lab1-1(分析boot.S文件)
• k8s-1.28版本多master部署
• mit6.828 - lab5笔记（上）
• Multi-Master APB Interconnect
• Linux Debian12使用git将本地项目打标签、创建分支和分支合并到master再上传到码云(gitee)远程仓库

sqli_labs_master master sqli labs LESSsqli_labs_master master sqli labs sqli_labs_master sqli-labs sqli labs less sqli-labs-less less sqli-labs-less sqli labs sqli-lab sqli less lab sqli-labs-less sqli labs less sqli-labs-master master sqli labs sqli-labs-master 靶场sqli-labs sqli less