"><img src=x onerror=prompt(1);>

After%20being%20addedlashes,%%20XX%%205c%20appears%2e%20If%20the%20ascii%20code%20value%20of%20the%20current%20character%20is%20greater%20than%20128,%20it%20will%20be%20considered%20as%20a%20wide%20character,%20even%20if%20it%20is%20not%20a%20Chinese%20character%2e%20So%20not%20only%%20df%20can%20eat%20'%5c'%2e

2025-05-20 06:22:58 回复

bossit0010

%2e%2e%2e

2025-05-20 06:22:58 回复

bossit0010

use%5c

2025-05-20 06:22:58 回复

bossit0010

SELECT%20@@max_allowed_packet%3b

2025-05-20 06:22:58 回复

bossit0010

index%2ephp%3fname%3d%%2a%2a%5c%5c%27

2025-05-20 06:22:58 回复

bossit0010

Eat%5c

2025-05-20 06:22:58 回复

bossit0010

addslashes%20()%20adds%20a%20single%20or%20double%20quotation%20mark%20%5c%2e%20When%20mysql%20GBK%20character%20set,%20it%20will%20be%20two%20characters%20as%20a%20Chinese%20character,%20such%20as%%20df%%205c%20for%20transport%2e%20We%20enter%20name%3droot%df%27,%%20the%20server%20will%20appear%20the%20following%20conversion%3a%20root%df%27-%3e%20root%df%5c%27-%3e%20rootK'%2e

2025-05-20 06:22:58 回复

bossit0010

$name%20%3d%20isset($_GET['name'])%20%3f%20addslashes($_GET['name'])%20%3a%201%3b

2025-05-20 06:22:58 回复

bossit0010

$sql%20%3d%20%22SELECT%20%2a%20FROM%20test%20WHERE%20names%3d'%7b$name%7d'%22%3b

2025-05-20 06:22:58 回复

bossit0010

Directly%20use%20the%20absolute%20path,%20pay%20attention%20to%20the%20processing%20of%20the%20slash%20path%2e

2025-05-20 06:22:58 回复

bossit0010

作者其他文章更多

dasd

2025-05-20

das

2025-05-20

das

2025-05-20

"><img src=x onerror=prompt(1);>

2025-05-20