SQL 通过表单注入在 PHP 5.6 中不起作用
SQL Inject through form is not working in PHP 5.6
我正在尝试进行 SQL 注射 (SQLi)。
我的表格是:
<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="POST">
<table>
<tr>
<td>Nama Properti</td>
<td>:</td>
<td>
<input type="text" name="property_name">
</td>
<td>
<?php if(isset($errors)) echo "<p class='errlog'>" . $errors . "</p>"; ?>
</td>
</tr>
<tr>
<td></td>
<td>:</td>
<td>
<input type="submit" name="submit-form" value="Kirim" >
</td>
</tr>
</table>
</form>
而我的行动是:
<?php
if (isset($_POST["submit-form"])) {
if (!empty($_POST["property_name"])) {
$mysqli = new mysqli("127.0.0.1", "root", "", "belajar");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: " . $mysqli->connect_error;
exit();
}
$property_name = $_POST["property_name"];
echo $property_name; // produce 'x'); DROP TABLE kelas_lain;--
$sql = "INSERT INTO kelas_lain (property_name) VALUES (". $property_name .")";
echo "<br>" . $sql; // produce INSERT INTO kelas_lain (property_name) VALUES ('x'); DROP TABLE kelas_lain;--)
if ($sql_query = $mysqli->query($sql)) {
echo "<p class='successlog'>Success !</p>";
echo "Returned rows are: " . $sql_query->num_rows;
$sql_query->free_result();
}else{
echo "<p class='errlog'>There is an error with SQL !</p>";
}
$mysqli->close();
}else{
$errors = "Mohon Isi Form !";
}
}
?>
我通过输入用户表单传递了这个 'x'); DROP TABLE kelas_lain;--,但是我得到了一个错误 echo "<p class='errlog'>There is an error with SQL !</p>"; 而不是成功地执行了这个命令 INSERT INTO kelas_lain (property_name) VALUES ('x'); DROP TABLE kelas_lain;--),这会丢弃 kelas_lain table.
我做了 echo $sql; 它显示:
插入 kelas_lain (property_name) 值 ('x');下降 TABLE kelas_lain;--)
而且我认为一切都是正确的。
额外
虽然我已通过 url.url.
成功完成 (SQLi)
传递的查询是:
index.php?id=1 UNION SELECT password FROM siswalogin where id=1
这是代码:
<?php
/*
* Check if the 'id' GET variable is set
*/
if (isset($_GET['id'])){
$id = htmlspecialchars($_GET['id']);
/* Setup the connection to the database */
$mysqli = new mysqli('localhost', 'root', '', 'belajar');
/* Check connection before executing the SQL query */
if ($mysqli->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
/* SQL query vulnerable to SQL injection */
$sql = "SELECT username
FROM siswalogin
WHERE id = $id";
/* Select queries return a result */
if ($result = $mysqli->query($sql)) {
while($obj = $result->fetch_object()){
print($obj->username);
}
echo "<br>" . $id; // = 1 UNION SELECT password FROM siswalogin where id=1
}
/* If the database returns an error, print it to screen */
elseif($mysqli->error){
print($mysqli->error);
}
}
?>
出于安全原因(尤其是 sql 注入),mysqli_query() 函数不支持执行多个 sql 语句。
您必须使用 mysqli_multi_query() 函数(绝不能用于处理 Web 表单的内容)。
默认情况下 MariaDB/MySQL 服务器不支持执行多个 SQL 语句,除非设置了客户端标志 CLIENT_MULTI_STATEMENTS 和 CLIENT_MULTI_RESULTS。但是 PHP.
中不存在这些选项
我正在尝试进行 SQL 注射 (SQLi)。
我的表格是:
<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="POST">
<table>
<tr>
<td>Nama Properti</td>
<td>:</td>
<td>
<input type="text" name="property_name">
</td>
<td>
<?php if(isset($errors)) echo "<p class='errlog'>" . $errors . "</p>"; ?>
</td>
</tr>
<tr>
<td></td>
<td>:</td>
<td>
<input type="submit" name="submit-form" value="Kirim" >
</td>
</tr>
</table>
</form>
而我的行动是:
<?php
if (isset($_POST["submit-form"])) {
if (!empty($_POST["property_name"])) {
$mysqli = new mysqli("127.0.0.1", "root", "", "belajar");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: " . $mysqli->connect_error;
exit();
}
$property_name = $_POST["property_name"];
echo $property_name; // produce 'x'); DROP TABLE kelas_lain;--
$sql = "INSERT INTO kelas_lain (property_name) VALUES (". $property_name .")";
echo "<br>" . $sql; // produce INSERT INTO kelas_lain (property_name) VALUES ('x'); DROP TABLE kelas_lain;--)
if ($sql_query = $mysqli->query($sql)) {
echo "<p class='successlog'>Success !</p>";
echo "Returned rows are: " . $sql_query->num_rows;
$sql_query->free_result();
}else{
echo "<p class='errlog'>There is an error with SQL !</p>";
}
$mysqli->close();
}else{
$errors = "Mohon Isi Form !";
}
}
?>
我通过输入用户表单传递了这个 'x'); DROP TABLE kelas_lain;--,但是我得到了一个错误 echo "<p class='errlog'>There is an error with SQL !</p>"; 而不是成功地执行了这个命令 INSERT INTO kelas_lain (property_name) VALUES ('x'); DROP TABLE kelas_lain;--),这会丢弃 kelas_lain table.
我做了 echo $sql; 它显示:
插入 kelas_lain (property_name) 值 ('x');下降 TABLE kelas_lain;--)
而且我认为一切都是正确的。
额外
虽然我已通过 url.url.
成功完成 (SQLi)传递的查询是: index.php?id=1 UNION SELECT password FROM siswalogin where id=1 这是代码:
<?php
/*
* Check if the 'id' GET variable is set
*/
if (isset($_GET['id'])){
$id = htmlspecialchars($_GET['id']);
/* Setup the connection to the database */
$mysqli = new mysqli('localhost', 'root', '', 'belajar');
/* Check connection before executing the SQL query */
if ($mysqli->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
/* SQL query vulnerable to SQL injection */
$sql = "SELECT username
FROM siswalogin
WHERE id = $id";
/* Select queries return a result */
if ($result = $mysqli->query($sql)) {
while($obj = $result->fetch_object()){
print($obj->username);
}
echo "<br>" . $id; // = 1 UNION SELECT password FROM siswalogin where id=1
}
/* If the database returns an error, print it to screen */
elseif($mysqli->error){
print($mysqli->error);
}
}
?>
出于安全原因(尤其是 sql 注入),mysqli_query() 函数不支持执行多个 sql 语句。
您必须使用 mysqli_multi_query() 函数(绝不能用于处理 Web 表单的内容)。
默认情况下 MariaDB/MySQL 服务器不支持执行多个 SQL 语句,除非设置了客户端标志 CLIENT_MULTI_STATEMENTS 和 CLIENT_MULTI_RESULTS。但是 PHP.