#### 1. Syntax error logic

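`$sql="SELECT * FROM users where uname=".$uname;`

Normal parameter: `$uname='Michael'`

Resulting query: `SELECT * FROM users where uname='Michael';`

Injection test parameter: `$uname='Michael''`

The page returns an error.

#### 2. Column-count guessing logic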

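`$sql="SELECT * FROM users where uname=".$uname;`

Normal parameter: `$uname='Michael'`

Resulting query: `SELECT * FROM users where uname='Michael';`

Injection test parameter: `$uname='Michael'order by 1`

Continue until the page returns an error.

#### 3. Empty set logic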

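`$sql="SELECT * FROM users where uname=".$uname;`

Normal parameter: `$uname='Michael'`

Resulting query: `SELECT * FROM users where uname='Michael';`

Injection test parameter: `$uname=''or '1'='2`

Resulting query: `SELECT * FROM users where uname=''or '1'='2';`

The page does not return an error, but it is displayed with no content, etc.

#### 4. Full set logic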

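`$sql="SELECT * FROM users where uname=".$uname;`

Normal parameter: `$uname='Michael'`

Resulting query: `SELECT * FROM users where uname='Michael';`

Injection test parameter: `$uname=''or '1'='1`

Resulting query: `SELECT * FROM users where uname=''or '1'='1';`

The page does not return an error, but it displays normally or shows more pages of results, etc.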
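
The four tests above rely on the input being parsed as SQL, so the fix is to stop concatenating it into the query. The following is an added example, not code from the original notes, that runs the page's inputs through the concatenated query and through a prepared statement. It assumes PDO with an in-memory SQLite database; the table contents and the function names `lookupConcatenated` and `lookupPrepared` are constructed for illustration.

```php
<?php
// Added example: the page's inputs against string concatenation vs. a bound parameter.
// Assumptions: PDO with the SQLite driver, constructed table contents.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, uname TEXT)");
$db->exec("INSERT INTO users (uname) VALUES ('Michael'), ('Alice'), ('Bob')");

// Vulnerable form from the page: the input becomes part of the SQL text.
function lookupConcatenated(PDO $db, string $uname): string {
    try {
        $rows = $db->query("SELECT * FROM users where uname=" . $uname)->fetchAll();
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        return "SQL error";
    }
}

// Hardened form: the input is bound as data and is never parsed as SQL.
function lookupPrepared(PDO $db, string $uname): string {
    $stmt = $db->prepare("SELECT * FROM users WHERE uname = ?");
    $stmt->execute([$uname]);
    return count($stmt->fetchAll()) . " row(s)";
}

// Constructed inputs: the fragment after "uname=" in each resulting query on the page.
$probes = [
    'normal'       => "'Michael'",
    'syntax error' => "'Michael''",
    'column count' => "'Michael'order by 1",
    'empty set'    => "''or '1'='2'",
    'full set'     => "''or '1'='1'",
];

foreach ($probes as $label => $input) {
    printf("%-13s concatenated: %-9s prepared: %s\n",
        $label, lookupConcatenated($db, $input), lookupPrepared($db, $input));
}

// A legitimate name still matches when bound (no quotes are needed in the input).
printf("%-13s prepared: %s\n", 'Michael', lookupPrepared($db, 'Michael'));
```

With concatenation the responses differ per input (an error, one row, no rows, all rows), which is exactly the signal the four tests look for. With the bound parameter every quoted input is compared as a literal string, so none of them changes the query's behaviour.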