看一下mysql_real_escape_string()函数
\\x00 
\\x1a 
注入的关键还是在于闭合引号,同样使用宽字节注入
http://192.168.136.128/sqli-labs-master/Less-36/?id=0%df‘ union select 1,2,3%23
sqli-labs less36 GET- Bypass MYSQL_real_escape_string (GET型绕过MYSQL_real_escape_string的注入)
Posted superkrissv
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了sqli-labs less36 GET- Bypass MYSQL_real_escape_string (GET型绕过MYSQL_real_escape_string的注入)相关的知识,希望对你有一定的参考价值。
以上是关于sqli-labs less36 GET- Bypass MYSQL_real_escape_string (GET型绕过MYSQL_real_escape_string的注入)的主要内容,如果未能解决你的问题,请参考以下文章
sqli-labs less2 GET - Error based - Intiger based (基于错误的GET整型注入)
SQL注入SQLi-LABS Page-1(Basic Challenges Less1-Less22)
SQL注入SQLi-LABS Page-1(Basic Challenges Less1-Less22)
SQL注入SQLi-LABS Page-1(Basic Challenges Less1-Less22)
sqli-labs less9 GET - Blind - Time based. - Single Quotes (基于时间的GET单引号盲注)
sqli-labs less4 GET - Error based - Double Quotes - String (基于错误的GET双引号字符型注入)