sqli-labs闯关学习笔记(六)//第十一关

POST注入
post注入，post是php中和get一样是一种传数据的方法。也就是表单传参数所常用的方法。
关键部分源码:

if(isset($_POST['uname']) && isset($_POST['passwd']))
{
	$uname=$_POST['uname'];
	$passwd=$_POST['passwd'];

	//logging the connection parameters to a file for analysis.
	$fp=fopen('result.txt','a');
	fwrite($fp,'User Name:'.$uname);
	fwrite($fp,'Password:'.$passwd."\n");
	fclose($fp);


	// connectivity 
	@$sql="SELECT username, password FROM users WHERE username='$uname' and password='$passwd' LIMIT 0,1";
	$result=mysql_query($sql);
	$row = mysql_fetch_array($result);

	if($row)
	{
  		//echo '';	
  		
  		echo "
";
		echo '';
		//echo " You Have successfully logged in\n\n " ;
		echo '';	
		echo "
";
		echo 'Your Login name:'. $row['username'];
		echo "
";
		echo 'Your Password:' .$row['password'];
		echo "
";
		echo "";
		echo "
";
		echo "
";
		echo '';	
		
  		echo "";
  	}
	else  
	{
		echo '';
		//echo "Try again looser";
		print_r(mysql_error());
		echo "
";
		echo "
";
		echo "
";
		echo '';	
		echo "";  
	}

原理不变，可以利用工具Burp suite抓包来帮助过程更简单。(我这里有1.6pro的版本不过不是中文，需要的小伙伴可以私我),burp的使用方法在这里就不介绍了。