sqli-labs (less-51)
Enter 51 level, enter sort=1
http://127.0.0.1/sql1/Less-51/?sort=1'
According to the error display, the closing method is judged to be'–+, and
there is a complete error echo for character injection , so we can use error injection attacks and time blind injections. In this level, the mysgli multi guery() function is used, and in The mysqL fetch_assoc() function is used in the less46-49 level, so here we can also use stack injection attacks. I have already introduced error injection attacks and time blind injections in less-46 . I will not introduce them here. I will introduce them here. Stack injection attack method
Create a
new table Create a new user
http://127.0.0.1/sql1/Less-51/?sort=1';insert into users values(18,'icepeak','icepeak')--+