l Today Another day security paddle day analysis, we found accidentally open a Web page loans, heart read like, want to test to see something, hehe.
l Safety circle ID: Empty City
l The following technology is rubbish , big brother told me to welcome you all
l Then we casually points to open a lending platform, find the following pages
l because I personally like SQL injection, and found ID = 10 field after its URL, immediately submit a single quote ( ') and press Enter, the page with the error immediately, immediately knowing there are ten thousand CNM, roll up the mood at this station .
l little friends look, here Mysql error, but escaped, so do not panic, we use the error injection, small problems every minute Kill off
l really direct injection to bypass the error escape, ha ha ha, SQL injection What is so hard, simple.
l subsequent in-depth testing, it took a lot of data, in some implantation in detail below (database version)
l subsequent burst of the process it is a fool, and eventually won this site admin account & password
l took out my little book to share with you hehe.