SQL injection less42 (post stack injection)

Pre knowledge : SQL Inject Less38( Stack Injection )

The page of this question is similar to the second injection , But we can't register users , Therefore, it is impossible to use secondary injection .

White box audit , Look at the code

$username = mysqli_real_escape_string($con1, $_POST["login_user"]);
$password = $_POST["login_password"];

Only right username Escaped , And not right password, therefore password It's a breakthrough

Use universal password to test password
' or 1=1#

But why do we enter admin But what logged in was Dumb Well .

Because it's here SQL yes

SELECT * FROM users WHERE username='admin' and password='' or 1=1 #'

and and Priority is higher than or Of . So this statement is equivalent to

select * from users where 1

Then the result is the whole picture users surface . and Dumb On the first line , So what you log in to is Dumb.

use password Stack Injection
Enter the user name casually
password ';drop table users;

https://blog.csdn.net/weixin_43901998/article/details/107566100