Commit 56b0937

Update README.md
1 parent 2428d69 commit 56b0937

1 file changed

Lines changed: 8 additions & 0 deletions

README.md

@@ -29,3 +29,11 @@ searchText可以配置多个字符串关键字,并用,号进行分割
2929

3030
如下指定关键字为MapFilePath,搜索出相关代码的效果
3131
![image](https://img.picui.cn/free/2024/11/08/672d7b3f2aea5.png)
32+
33+
# 效果预览
34+
在config.properties中指定searchText为where,查询where关键字筛选可能存在SQL注入的代码
35+
![image](https://img.picui.cn/free/2024/11/08/672da14926a82.png)
36+
之后进到对应方法中查看,发现存在参数拼接到SQL语句中的情况
37+
![image](https://www.picgo.net/image/image.o7dQ4J)
38+
最后根据方法构造POC,验证注入
39+
![image](https://img.picui.cn/free/2024/11/08/672da169b4b75.png)
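
Review bot: the third screenshot link in the added section (diff line 37, `https://www.picgo.net/image/image.o7dQ4J`) is on a different host from the other three and has no image file extension, so it looks like a viewer page rather than a direct image and may not render in the README; replace it with a direct image URL, or commit the screenshots to the repository so the section does not depend on third-party image hosts. The walkthrough also lives only in the screenshots: adding the `searchText` line from config.properties as text, and saying that a `where` hit is only a candidate until the method is read and parameter concatenation into the SQL statement is confirmed, would keep the section useful if the images disappear. The new `# 效果预览` heading is top level; check that this matches the heading level used by the sections above it.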
