sql 为 sql 注入创建演示时出现语法错误
sql syntax error while creating a demo for sql injection
我正在尝试创建一个登录页面来演示一个简单的 sql 注入攻击。
下面是从 login.html 接收输入的 php 代码:
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'sql-injection');
define('DB_USER','root');
define('DB_PASSWORD','');
$con=@mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
/* $ID = $_POST['user']; $Password = $_POST['pass']; */
function SignIn()
{
session_start(); //starting the session for user profile page
if(!empty($_POST['user']) and !empty($_POST['pass'])) //checking the username and password which is coming from Sign-In.html, are they empty or have some text
{
$query = mysql_query("SELECT * FROM UserName where userName = '$_POST[user]'") or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
if(!empty($row['userName']) AND !empty($row['pass']))
{
if ($_POST['pass'] == $row['pass'])
{
echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
}
else
{
echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
}
}
else
{
echo "The db is corrupt";
}
}
else{
echo "The username and password fields cant be empty";
}
}
if(isset($_POST['submit']))
{
SignIn();
}
?>
数据库有一个 table 包含列的用户名
UsernameID userName pass
1 mrboolnew mrbool123
我正在尝试在用户名列中输入:
Y';UPDATE username SET userName='mrboolnew1' WHERE userName = 'mrboolnew';
但我收到以下错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE username SET userName='mrboolnew1' WHERE userName = 'mrboolnew';'' at line 1
谁能帮我解决注入问题。
提前致谢。
您已经添加了防止注入攻击的保护,甚至可能不知道。mysql_query() 只向数据库发送一个查询(请参阅 here)。不允许使用分号;也不是多个查询。
您必须更加努力地注入您自己的代码。
我正在尝试创建一个登录页面来演示一个简单的 sql 注入攻击。 下面是从 login.html 接收输入的 php 代码:
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'sql-injection');
define('DB_USER','root');
define('DB_PASSWORD','');
$con=@mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
/* $ID = $_POST['user']; $Password = $_POST['pass']; */
function SignIn()
{
session_start(); //starting the session for user profile page
if(!empty($_POST['user']) and !empty($_POST['pass'])) //checking the username and password which is coming from Sign-In.html, are they empty or have some text
{
$query = mysql_query("SELECT * FROM UserName where userName = '$_POST[user]'") or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
if(!empty($row['userName']) AND !empty($row['pass']))
{
if ($_POST['pass'] == $row['pass'])
{
echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
}
else
{
echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
}
}
else
{
echo "The db is corrupt";
}
}
else{
echo "The username and password fields cant be empty";
}
}
if(isset($_POST['submit']))
{
SignIn();
}
?>
数据库有一个 table 包含列的用户名
UsernameID userName pass
1 mrboolnew mrbool123
我正在尝试在用户名列中输入:
Y';UPDATE username SET userName='mrboolnew1' WHERE userName = 'mrboolnew';
但我收到以下错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE username SET userName='mrboolnew1' WHERE userName = 'mrboolnew';'' at line 1
谁能帮我解决注入问题。 提前致谢。
您已经添加了防止注入攻击的保护,甚至可能不知道。mysql_query() 只向数据库发送一个查询(请参阅 here)。不允许使用分号;也不是多个查询。
您必须更加努力地注入您自己的代码。