Although the injection point is in a different location, the principle is the same.
Principle: when the password is changed, the account to modify is identified by the login name taken from the cookie (loginname), so an injection vulnerability may appear there.
- Anything you change or add in the cookie has to be URL-encoded by hand.
1. First, we test whether the value is injectable.
2. Following the normal procedure, we mark the injection point and try a keyword-based blind injection. It does not work, so we look at the error.
Here we take the easy way and read the database directly; the normal procedure would be to first determine what is being filtered.
3. From the figure we find that the parentheses are being filtered (in fact, I forgot to URL-encode the parentheses after database, so they were filtered in their literal form). Here we replace them with their URL encoding.
4. Injection successful, happy.
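The behaviour described above, seen from the server side, as an added example that is not code from the original page: a change-password handler that filters literal parentheses in the raw cookie, then URL-decodes loginname and concatenates it into the query, next to a version that binds the value as a parameter. The table layout, function names and cookie values are assumptions constructed for the illustration.

```python
import sqlite3
from urllib.parse import unquote

# Constructed sample cookie values (not taken from the original page).
LITERAL = "x' OR length(loginname)>0 OR 'a'='b"
ENCODED = "x%27%20OR%20length%28loginname%29%3E0%20OR%20%27a%27%3D%27b"

def make_db():
    """In-memory stand-in for the application's user table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (loginname TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "old-a"), ("bob", "old-b")])
    return db

def blacklist_ok(raw_cookie):
    # Weak filter: looks for literal parentheses BEFORE the value is URL-decoded,
    # so %28 and %29 pass through untouched.
    return "(" not in raw_cookie and ")" not in raw_cookie

def change_password_vulnerable(db, raw_cookie, new_password):
    if not blacklist_ok(raw_cookie):
        raise ValueError("blocked by filter")
    loginname = unquote(raw_cookie)          # decoding happens after the filter
    sql = ("UPDATE users SET password = '%s' WHERE loginname = '%s'"
           % (new_password, loginname))      # string concatenation: injectable
    return db.execute(sql).rowcount

def change_password_fixed(db, raw_cookie, new_password):
    loginname = unquote(raw_cookie)
    # Bound parameters: the decoded cookie is only ever treated as data.
    cur = db.execute("UPDATE users SET password = ? WHERE loginname = ?",
                     (new_password, loginname))
    return cur.rowcount

if __name__ == "__main__":
    try:
        change_password_vulnerable(make_db(), LITERAL, "pw")
    except ValueError as exc:
        print("literal parentheses:", exc)
    print("encoded, vulnerable handler, rows changed:",
          change_password_vulnerable(make_db(), ENCODED, "pw"))
    print("encoded, fixed handler, rows changed:",
          change_password_fixed(make_db(), ENCODED, "pw"))
```

Binding the parameter closes the injection, but the account name should still come from the server-side session rather than from a cookie the client can edit.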