SQL注入 -----无处不在
问在怎么才能知道注入点在什么地方????
首先不可能一眼就能看出注入的地方,根据自己的经验判断,根据各种类型判断有可能出现的类型
post类型的包
POST /sqli/Less-18/ HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/sqli/Less-18/
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Connection: keep-alive
Upgrade-Insecure-Requests: 1
uname=admin&passwd=admin&submit=Submit
在任何标题后面都有可能有注入,依次尝试就能报错