Table of contents
One, POST submission and GET submission
Second, the use of POST submission
One, POST submission and GET submission
1, GET submissions can be cached, POST submissions will not
2, GET submission parameters will be kept in the history, POST submission will not
3. GET submissions can be bookmarked, POST submissions will not
4. GET submission has a length limit, up to 2048 characters; POST submission has no length requirement, not only ASCII characters are allowed, but binary data can also be used
5. POST submission is more secure than GET submission
Second, the use of POST submission
Take less-11 as an example:
Generally, those with a login box will use the post submission method
That is, when the website needs to log in, you can use POST to submit
Username has an injection point, you can use post to submit the injection, and use the 'or' command to bypass password verification
Master key: admin' or 1=1 #
principle:
View the background source code of the website
Actual injection:
success!