WEBeasy_sql首先先开代理利用burpsuite抓包分析，在username=admin'先加个单引号，发现如下报错 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'admin') LIMIT 0,1' at line 1 猜测sql语句大概是这种样子：select * from table where username=('admin') and password=('passwd') limit 0,1; 根据这个语句构造payload为uname=admin') and 1=1%23和uname=admin') and 1=2%23不难看出该出sql语句可被利用 接下来先利用sqlmap进行扫描，发现了flag表，猜测flag就在这张表里 但是sqlmap跑不出fla ...