The low level has no filter and is relatively simple, so it is not demonstrated here; this blog post mainly demonstrates the medium and high levels.
[ medium ]
1: HTML Injection - Reflected (GET)
1, first enter a statement, and then view the source code of the resulting page.
2, right-click and view the source code; the angle brackets have been escaped.
3, URL-encode the inserted statement; the filter is bypassed successfully.
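Why steps 2 and 3 behave this way, as an added example that is not code from the original post or from the application under test. It assumes the medium filter escapes angle brackets and then URL-decodes the result (the page does not show the filter); the parameter name `firstname`, the function names and the sample queries are constructed for illustration.

```python
import html
from urllib.parse import parse_qs, unquote

def weak_filter(value: str) -> str:
    # Assumed filter shape: escape angle brackets first, then URL-decode.
    # Anything still percent-encoded at escape time is decoded afterwards
    # and reaches the page unescaped.
    escaped = value.replace("<", "&lt;").replace(">", "&gt;")
    return unquote(escaped)

def hardened_filter(value: str) -> str:
    # Escaping is the final transformation before output; nothing decodes
    # the value after this point, so encoded input stays inert text.
    return html.escape(value, quote=True)

def reflected(query: str, flt) -> str:
    # parse_qs applies the single decoding pass a web server performs on
    # a GET query string before the application sees the value.
    value = parse_qs(query)["firstname"][0]  # hypothetical parameter name
    return flt(value)

def contains_markup(rendered: str) -> bool:
    # True when raw angle brackets would be written into the response.
    return "<" in rendered or ">" in rendered

# Constructed query strings: the same harmless <b>test</b> marker, typed
# plainly (step 1) and typed in URL-encoded form (step 3).
SAMPLES = {
    "plain": "firstname=%3Cb%3Etest%3C%2Fb%3E",
    "url-encoded": "firstname=%253Cb%253Etest%253C%252Fb%253E",
}

def audit() -> dict:
    # Map (sample, filter) -> whether raw markup reaches the page.
    return {
        (name, flt.__name__): contains_markup(reflected(query, flt))
        for name, query in SAMPLES.items()
        for flt in (weak_filter, hardened_filter)
    }

if __name__ == "__main__":
    for (name, flt), leaked in audit().items():
        print(f"{name:12} {flt:16} raw markup in output: {leaked}")
```

Under this assumption the fix is ordering: finish every decoding step before escaping, and escape at the point of output.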