[极客大挑战 2019]LoveSQL 题目一个登录框，测试一下注入 用户名输入1' 密码输入aa 报错You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'aa'' at line 1我们看到aa被单引号包裹 后台拼接后的sql语句是SELECT * FROM users WHERE username = '1'' AND password = 'aa' 在用户名输入单引号会引发语法错误，判断为字符型注入 所以输...

2025/11/29 我决定每天打卡几道题来积少成多 [AFCTF 2021]BABY_CSP <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>BABY CSP</title> </head> <body> <a href='#' id="btn">whe3e are y0u fr0m?</a>...