XCTF two PHP code audit notes

The challenge source is below. The point of the test is the difference between the submitted `$id` and the value MySQL hands back in `$row['id']`.

The key part is in the red box: the payload has to make `$row['id']` exist (the query must actually return a row) while the POSTed id is not `adog`. Put plainly, the id you submit must satisfy `!= 'adog'`, and at the same time you have to get past the `$row['id']` restriction.

I picked up this technique from P Niu's (phith0n's) blog, where he fuzzed MySQL directly. From the result you can see how `$row['id']` and `$id` come apart:

<?php
// Fuzz: which trailing byte can be appended to 'hehe' and still make MySQL
// return the row whose name is exactly 'hehe'?
mysql_connect("localhost", "root", "root");
mysql_select_db("test");
mysql_query("set names utf8");
for ($i = 0; $i < 256; $i++) {
    $c = chr($i);
    $name = mysql_real_escape_string('hehe' . $c);
    $sql = "SELECT * FROM `people` WHERE `name` = '{$name}'";
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result);
    if ($row['name'] == 'hehe') {
        echo "{$c} ";   // this trailing byte did not break the match
    }
}
# From P Niu's blog: https://www.leavesongs.com/PENETRATION/Mini-XCTF-Writeup.html
?>
# The idea: append one character after the name and query MySQL. If the row is still found even though the character was added, print that character.

I inserted the following rows into the table (screenshots not reproduced here):


So the id that gets entered is `adogÂ`. In `mysql_fetch_array(mysql_query($sql))` the query still hits the row, and in the associative array that comes back the value under the key `id` is still `adog`. Hence `$row['id']` exists, the `$id == adog` check is bypassed, and the `$row['id']` value is present at the same time.

The fuzz result above is thereby fully confirmed.
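The root cause of the bypass is that MySQL decides the match under a lenient collation (trailing characters that the collation treats as insignificant still match `adog`), while PHP only checks the raw input. The following is an added example, not code from the challenge or from P Niu's writeup; it assumes a mysqli connection `$conn` (with mysqlnd, so `get_result()` is available) and a table `people` with a string column `id`. It places the audited pattern next to a hardened version that forces a byte-wise comparison in SQL and then re-checks the returned value in PHP with strict comparison.

```php
<?php
// Added example (hypothetical helper names; assumes mysqli $conn and table `people`).

// Pattern from the audit: MySQL decides whether the row matches, PHP only
// checks that a row came back and that the raw input is not the literal 'adog'.
function lookup_vulnerable(mysqli $conn, string $id): ?array
{
    $stmt = $conn->prepare("SELECT id, name FROM people WHERE id = ?");
    $stmt->bind_param("s", $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    // Under a PAD SPACE / case-insensitive collation, 'adog ' or 'adogÂ' can
    // still match the 'adog' row, so $row exists although $id != 'adog'.
    if ($row && $id != 'adog') {
        return $row;
    }
    return null;
}

// Hardened version: compare bytes in SQL and verify the value that actually
// came back against what the client submitted, using strict (===) comparison.
function lookup_hardened(mysqli $conn, string $id): ?array
{
    // BINARY forces a byte comparison; trailing spaces and collation-ignorable
    // characters are no longer skipped. CAST(id AS BINARY) is the equivalent
    // spelling on newer MySQL versions.
    $stmt = $conn->prepare("SELECT id, name FROM people WHERE BINARY id = ?");
    $stmt->bind_param("s", $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null) {
        return null;
    }
    // Defence in depth: the row MySQL returned must carry exactly the bytes
    // the client sent. Any leniency at the collation level is caught here,
    // and the mismatch is logged so the attempt is visible to the defender.
    if ($row['id'] !== $id) {
        error_log(sprintf(
            "id mismatch: db=%s input=%s",
            bin2hex($row['id']),
            bin2hex($id)
        ));
        return null;
    }
    return $row;
}
```

Two caveats for the hardened query: wrapping the column in `BINARY` (or `CAST`) stops MySQL from using an index on `id`, so on a large table it may be better to declare the column with a binary collation (for example `utf8mb4_bin`) instead; and the PHP-side `!==` check is the part that matters most, because it does not depend on how the database happens to be configured.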


Origin www.cnblogs.com/BOHB-yunying/p/10685339.html