sql注入----sql injection 判断sql注入点
1. 单引号判断(')https://img2022.cnblogs.com/blog/1408560/202206/1408560-20220623202439955-1331833034.pnghttps://img2022.cnblogs.com/blog/1408560/202206/1408560-20220623202450254-1106597688.png
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
错误:您的SQL语法有错误;检查与MySQL服务器版本相对应的手册,以获取第1行中靠近“”使用的正确语法
2.盲注:有时候输入框中输入的内容不存,也有可能没得。
先了解一下like,比如select * from user where name like '%myName%'
如下:
https://img2022.cnblogs.com/blog/1408560/202206/1408560-20220623203729258-2050145485.png
搜索出来的内容都是包含a的,在头脑里面考虑到like的用法,进行闭合。比如select * from movies where id=1 and sleep(10);
https://img2022.cnblogs.com/blog/1408560/202206/1408560-20220623205416185-1842437905.png
https://img2022.cnblogs.com/blog/1408560/202206/1408560-20220623205824362-1382726482.png
https://img2022.cnblogs.com/blog/1408560/202206/1408560-20220623210139003-1787579552.png
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!
页:
[1]