我正在准备SQL注入(inject)易受攻击的页面来测试技能,这是我的代码:
<?php
echo "<center><h1>Login Bypass</h1></center>";
include 'config.php';
mysql_connect($host, $user, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());
$name = $_REQUEST['name'];
$passwd = $_REQUEST['passwd'];
$query_string = "SELECT * FROM users WHERE username = '$name' AND password = '$passwd'";
echo "<center>".$query_string."</center><br/>";
$query = mysql_query($query_string) or die(mysql_error());
$row = mysql_fetch_array($query);
if(mysql_num_rows($query)>0)
echo "<center>SUCCESS</center><br/>";
else echo "<center>ACCESS DENIED</center><br/>";
echo "<center>".$row['email']."</center><br/>";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Login Bypass</title>
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta name="generator" content="Geany 0.19.1" />
</head>
<body>
<center>
<form action="login_bypass.php" method="get">
Login: <input name="name">
Password: <input name="passwd" >
<input type="submit" value="CHECK">
</form>
</center>
</body>
</html>
我还有表用户,我的用户名='agajan' 和密码='12345' 电子邮件='torayeff@gmail.com'。 我知道这个查询是易受攻击的:
$query_string = "SELECT * FROM users WHERE username = '$name' AND password = '$passwd'";
但是当我插入以下“agajan'/*”而不是用户名并将密码字段留空时,我得到:
SELECT * FROM users WHERE username = 'agajan' /* ' AND password = ' '
...但是它给我 mysql 错误。谁能解释一下为什么我不能注入(inject) sql?
最佳答案
您不会关闭您的评论。尝试
“阿加詹”;——“
SELECT *
FROM users
WHERE username = 'agajan'; -- ' AND password = ' '
关于php - SQL注入(inject)登录绕过,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6216114/