2011-12-01 11:52

PHP / MySQL injection example

This is a follow-up to this question: Is PHP's addslashes vulnerable to sql injection attack? (thanks to everyone that replied over there).

Same scenario, but I have this code (in another page):

             $ID = $_GET['id'];
             $sql = "SELECT * FROM blog WHERE id='$ID'";
             $result = mysql_query($sql);

This should be easy enough to exploit, right?

If I remember correctly I CANNOT run a second query inside mysql_query() but I should be able to do some other malicious stuff, right? Would love to be able to insert a user into the admin table or change a password or something, but I assume I wouldn't be able to do anything other than touch the blog table. Is that correct? Any suggestions on how I can play around and tweak something to prove that there are concerns?
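Added example (not part of the original question or its answers): the lookup above rewritten with integer validation and a bound parameter, so the `id` value is handled as data instead of being concatenated into the SQL string. It assumes PDO with an in-memory SQLite database and a constructed `blog` table so that it runs offline; `fetch_blog_post` is a hypothetical helper name.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database,
// used only so the script runs offline; the question's code targets MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE blog (id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("INSERT INTO blog (id, title) VALUES (1, 'First post'), (2, 'Second post')");

/**
 * Hypothetical helper: fetch one blog row by id.
 * Returns the row as an array, or null when the id is invalid or unknown.
 */
function fetch_blog_post(PDO $pdo, $rawId): ?array
{
    // Layer 1: the id column is numeric, so reject anything that is not a
    // positive integer (this also rejects arrays such as ?id[]=1).
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Layer 2: bind the value; it is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT id, title FROM blog WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs standing in for $_GET['id'].
$samples = ['1', '2', '999', "1'", 'abc', ''];
foreach ($samples as $raw) {
    $row = fetch_blog_post($pdo, $raw);
    printf("%-6s => %s\n", var_export($raw, true), $row ? $row['title'] : 'no row');
}
```

With the MySQL PDO driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared by the server instead of being assembled client-side.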

