Less-12 POST -Error Based - Double quotes - String - with twist
Less-11 与 Less-12差别在于一个是单引号一个是双引号加括号,对于Less-12就直接用burp suite来做练习,步骤与Less-11基本一致。
0x01.原页面
用户名和密码两个参数分别为uname和passwd。Burp中提交参数uname=xxx&passwd=xxx
0x02.判断注入类型
uname=1&passwd=1&submit=Submit
uname=1’&passwd=1&submit=Submit
uname=1"&passwd=1&submit=Submit