douzhuanfen5923 2015-01-25 12:32
39 views
Accepted

Can you show an example of SQL injection against this code?

My friend is new to PHP concepts (and so am I), and he developed the code below. I know it is vulnerable, and I told him I could do stuff on his database, like messing with other tables, updating other values, etc.

The vulnerable part of the code is an INPUT, that he uses for a common search. This is not a login.

$email = filter_input(INPUT_GET, 'email');

if ($email != '') {
    // $email is interpolated straight into the SQL string, so any quote
    // characters in the input become part of the query text.
    $stm = $db->query("SELECT * from clients WHERE email =  '$email'");
    $result = $stm->fetchAll();
}

The problem is I can't do it, because query() only allows one statement per query. Is there a way to mess with anything important on his database? (This is a challenge for me to prove IN PRACTICE his mistakes)


2 answers

  • doushun4666 2015-01-25 12:56

    With your code it's very easy to modify conditions of an SQL query.

    I can easily get ALL the clients by making that condition always true:

    http://localhost/inject.php?email=Client 1' OR '1'='1

    I can even read details from another table:

    http://localhost/inject.php?email=Client 1' UNION SELECT * FROM articles WHERE '1' = '1

    It all depends on what you do with the results later, but as I showed in these two simple examples, it's better to protect yourself.

    This answer was selected by the asker as the best answer.
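The two inputs from the accepted answer can be reproduced and, more usefully, neutralised in a few lines. The following is an added example written for this page, not code from the question or the answer: it uses Python's built-in sqlite3 module (rather than PHP/PDO) with an in-memory database, constructed sample rows, and assumed column layouts for the `clients` and `articles` tables the page mentions. `vulnerable_search` mirrors the PHP string interpolation; `safe_search` is the parameterised form that a fix should use.

```python
import sqlite3

# Constructed sample rows (not from the original post). Both tables have
# three columns so that the UNION input from the answer is column-compatible.
CLIENTS = [
    (1, "Client 1", "client1@example.com"),
    (2, "Client 2", "client2@example.com"),
]
ARTICLES = [
    (10, "Article A", "internal draft"),
    (11, "Article B", "unpublished notes"),
]

# The two inputs shown in the accepted answer, exactly as they would arrive
# in the `email` query-string parameter.
TAUTOLOGY_INPUT = "Client 1' OR '1'='1"
UNION_INPUT = "Client 1' UNION SELECT * FROM articles WHERE '1' = '1"


def make_db():
    """In-memory SQLite database standing in for the PHP script's $db."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (id INTEGER, name TEXT, email TEXT)")
    db.execute("CREATE TABLE articles (id INTEGER, title TEXT, body TEXT)")
    db.executemany("INSERT INTO clients VALUES (?, ?, ?)", CLIENTS)
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)", ARTICLES)
    return db


def vulnerable_search(db, email):
    """Mirrors $db->query("SELECT * from clients WHERE email = '$email'"):
    the input is spliced into the SQL text, so a quote in it closes the
    string literal and everything after it is parsed as SQL."""
    sql = f"SELECT * FROM clients WHERE email = '{email}'"
    return db.execute(sql).fetchall()


def safe_search(db, email):
    """Parameterised form: the SQL text is fixed and the input is bound as a
    value, so it can only ever be compared against the email column."""
    sql = "SELECT * FROM clients WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Vulnerable: the first input returns every client, the second returns
    # rows from the articles table; the safe form returns nothing for either.
    print("vulnerable, tautology:", vulnerable_search(db, TAUTOLOGY_INPUT))
    print("vulnerable, union    :", vulnerable_search(db, UNION_INPUT))
    print("safe, tautology      :", safe_search(db, TAUTOLOGY_INPUT))
    print("safe, union          :", safe_search(db, UNION_INPUT))
    print("safe, real email     :", safe_search(db, "client1@example.com"))
```

The PHP equivalent of `safe_search` is a PDO prepared statement: `$stm = $db->prepare("SELECT * FROM clients WHERE email = ?"); $stm->execute([$email]);`. The point of the example is that no stacked statement is needed: a single SELECT with attacker-controlled text in its WHERE clause is enough to change which rows, and which table, come back, and binding the value is what closes that off.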
