GALi_233的博客

SQLlabsBasic-ChallengesLess-11: POST-Error based- Single quotes -Stringless10后就是post注入，这题注入挺简单的，用万能密码即可登陆username: 1' or 1=1 # // #号为注释符password: 随意登陆成功利用burpsuite抓包判断select 字段尝试sql注入，在username参数中注入1' order by 2# ----没有报错1' order by 3

SQLlabssqllabs是一个安全小白学习sql注入最好的练习靶场。在此记录下学习的过程，有错误的话， 欢迎大家指正。sqllabs分四个阶段分别是Basic-ChallengesAdvanced-InjectionsStacked InjectionsChallengeBasic-ChallengesLess-1: GET-Error based- Single quotes -String根据提示用id作为参数http://192.168.43.85/sqllab/Le