RedTiger‘s Hackit(level8)

email填'报错

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '12345', age = '25' WHERE id = 1' at line 3 Username: Admin

后端语句应该是

update xxx set email='hans@localhost',name='hans',icq='12345',age='25';

试了一下，发现井号什么的被过滤了，而且只能在email上做文章。

email填',name=password,age=',名字就会变成密码