douping5015 2014-11-05 16:44
浏览 17
已采纳

sql注入可能是下面的PHP代码吗?

$sql_checkpasswd = "SELECT user_id, username, user_password, user_active
FROM " . USERS_TABLE . "
WHERE username = '" . $username . "'" . " AND user_password = '" . md5($password). "'";

Above is how my php code is written. This is for a login page.

How can use sql injection technique to login without knowing password?

Thanks

I tried all possible combinations ' OR '1=1'

' OR '1=1' --

admin');#

and all usual one's.

Error for one of the query: http://prntscr.com/53bmv8

P.s.: I have spent a great deal of time doing research on the subject and tried many different methods, which is why I am posting this question in order to get some help. I'm new at sql injection.

  • 写回答

3条回答 默认 最新

  • drahywu329376 2014-11-06 04:06
    关注

    I finally figured this out, might help someone else having same question:

    Enter this in username field:

    admin' AND 1=1 or '1'='1

    Above username works fine, I dont have to enter password and can leave it blank since the query becomes

    $username= admin' AND 1=1 OR '1'='1 AND $password = anything

    Even if one condition is satisfied in above query, i get the access and the username part is True since 1=1AND admin is an existing username

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私
  • ¥15 ROS系统搭建请教(跨境电商用途)
  • ¥15 AIC3204的示例代码有吗,想用AIC3204测量血氧,找不到相关的代码。