After successful login with admin admin, the cookie information is saved and displayed.
If you do not click the Delete Your cookie! button, then access
http://localhost/sqli-labs-master/Less-20/
There is no need to log in again, the username is obtained via cookies and is not verified.
Modified by Browser plugin Editthiscookie
Add single quotation marks and refresh the page
I found the error message from MySQL.
$sql= "SELECT * from Users WHERE username= '$cookee' LIMIT 0,1";
As this shows both the queried field and the error message
So it's possible to burst the data with an error in the union Select and Updatexml functions.
It is important to note that if you use the union select you should be aware that because there is only one display of data, then the previous query can not have results, the uname to a nonexistent user name can be
"Sqli-labs" LESS20 Post-cookie injections-uagent field-error based (Error-based Cookie header POST injection)