Less-2
Append a ' (single quotation mark) to the number.
MySQL again returns an error that reports a syntax error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' LIMIT 0,1' at line 1
The query that is now executed is:
Select * from TABLE where id = 1' ;
The odd number of single quotes here breaks the query, causing an error to be thrown.
From this we conclude that the query uses the id as an integer:
Select * from TABLE where id = (some integer value);
Now, from the developer's point of view, to avoid such an error, we can comment out the rest of the query:
http://localhost/sqli-labs/Less-2/?id=1--+
The source code builds the following SQL statement:
$sql="SELECT * FROM users WHERE id=$id LIMIT 0,1";
The id is used without any processing.
Inputs that inject successfully include:
or 1=1
or 1=1 --+
The remaining payloads are the same as in Less-1; you only need to remove the ' used in Less-1.
We don't have to repeat it here.
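The unquoted integer context described above, next to a hardened lookup, as an added example that is not part of the original page or the lab's code. It assumes Python with an in-memory SQLite database standing in for the lab's PHP and MySQL; the table rows and function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample rows standing in for the lab's `users` table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw-a"), (2, "bob", "pw-b"), (3, "carol", "pw-c")])
    return db

def lookup_concatenated(db, raw_id):
    # Same shape as the page's statement: the id is pasted in unquoted and unchecked.
    sql = "SELECT * FROM users WHERE id=" + raw_id + " LIMIT 0,1"
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # Accept only 1-18 ASCII digits (fits a signed 64-bit column), then bind the value.
    if not re.fullmatch(r"[0-9]{1,18}", raw_id):
        raise ValueError("id must be a decimal integer")
    return db.execute("SELECT * FROM users WHERE id=? LIMIT 0,1", (int(raw_id),)).fetchall()

def demo():
    # Maps each input to (outcome of concatenated query, outcome of hardened query).
    db = make_db()
    results = {}
    for raw in ["1", "1'", "999 or 1=1", "999 or 1=1 -- "]:
        try:
            unsafe = len(lookup_concatenated(db, raw))
        except sqlite3.Error:
            unsafe = "error"       # the stray quote breaks the statement
        try:
            safe = len(lookup_hardened(db, raw))
        except ValueError:
            safe = "rejected"      # non-integer input never reaches the database
        results[raw] = (unsafe, safe)
    return results

if __name__ == "__main__":
    for raw, (unsafe, safe) in demo().items():
        print(f"{raw!r:20} concatenated={unsafe!r:8} hardened={safe!r}")
```

With the concatenated query, an id that matches no row still returns data, and commenting out the LIMIT returns every row; the hardened lookup rejects all three malformed inputs before any SQL is run.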
Sqli-labs less 2