douzhuanfen5923 2015-01-25 12:32
Views: 39
Accepted

Can you show an example of SQL injection on this code?

My friend is new to PHP concepts (and so am I), and he developed the code below. I know it is vulnerable, and I told him I could do stuff on his database, like messing with other tables, updating other values, etc.

The vulnerable part of the code is an INPUT, that he uses for a common search. This is not a login.

// $db is assumed to be a PDO connection (the question does not say; query()/fetchAll() match PDO)
$email = filter_input(INPUT_GET, 'email');

if ($email != '') {
   // user input is interpolated straight into the SQL text: this is the injection point
   $stm = $db->query("SELECT * from clients WHERE email =  '$email'");
   $result = $stm->fetchAll();
}

The problem is I can't do it, because query() only allows one statement per query. Is there a way to mess with anything important on his database? (This is a challenge for me to prove IN PRACTICE his mistakes)


2 answers

  • doushun4666 2015-01-25 12:56

    With your code it's very easy to modify conditions of an SQL query.

    I can easily get ALL the clients, by making that condition always true:

    http://localhost/inject.php?email=Client 1' OR '1'='1

    I can even read details from another table:

    http://localhost/inject.php?email=Client 1' UNION SELECT * FROM articles WHERE '1' = '1

    It all depends on what you do with the results later, but as I showed in these two simple examples, it's better to protect yourself.

    This answer was selected as the best answer by the asker.
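The accepted answer shows that no second statement is needed: a single quote in the input already changes the structure of the one query that query() runs. The fix is to stop building SQL text from user input at all. The following PHP script is an added example, not code from the question or the answer; it assumes PDO with the pdo_sqlite extension and constructs a throwaway in-memory clients table, then runs the asker's string-building query and a prepared-statement version against the answer's tautology payload side by side.

```php
<?php
// Added example (not from the question or the answer). Assumes PDO + pdo_sqlite.
// The table and rows below are constructed for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE clients (id INTEGER PRIMARY KEY, email TEXT NOT NULL)");
$db->exec("INSERT INTO clients (email) VALUES ('alice@example.com'), ('bob@example.com')");

// The pattern from the question: the value is interpolated into the SQL text,
// so a quote inside $email is parsed as SQL rather than treated as data.
function searchVulnerable(PDO $db, string $email): array {
    $stm = $db->query("SELECT * FROM clients WHERE email = '$email'");
    return $stm->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text contains only a placeholder, and the value is
// bound separately, so whatever the user sends can only ever be compared as a string.
function searchSafe(PDO $db, string $email): array {
    $stm = $db->prepare("SELECT * FROM clients WHERE email = :email");
    $stm->execute([':email' => $email]);
    return $stm->fetchAll(PDO::FETCH_ASSOC);
}

// The tautology from the accepted answer, as it would arrive via ?email=...
$payload = "Client 1' OR '1'='1";

printf("string-built query, payload:   %d row(s)\n", count(searchVulnerable($db, $payload)));
printf("prepared statement, payload:   %d row(s)\n", count(searchSafe($db, $payload)));
printf("prepared statement, real email: %d row(s)\n", count(searchSafe($db, 'alice@example.com')));
```

Run with `php inject-demo.php`. The string-built query returns every client because the payload turns the WHERE clause into `email = 'Client 1' OR '1'='1'`, while the prepared statement returns no rows for the same input (no client has that literal string as an email) and still finds the real address. One caveat for the asker's likely setup: with the MySQL driver, PDO emulates prepares on the client side by default; passing `PDO::ATTR_EMULATE_PREPARES => false` in the connection options makes the server do the binding, which is the behaviour most people expect from "prepared statements".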
