

SQL二次注入练习

注入页面:
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>injectable test</title>
  </head>
  <body>
    <!-- Submits username/password to test_injectable_insert.php, which stores
         them unmodified (the injection point of the exercise). Note the
         password field is type="text", so the value is shown in clear. -->
    <form class="" action="test_injectable_insert.php" method="post">
      UserName:<input type="text" name="username" value=""><br/>
      PassWord:<input type="text" name="password" value=""><br/>
      <input type="submit" name="sub" value="send">
    </form>
  </body>
</html>

<?php
// Insert page for the injection exercise: stores the submitted username and
// password in the admin table, where the display page reads them back.
// Database connection info (dev-only root credentials; '@' hides connection warnings)
  $mysql=@new mysqli('127.0.0.1','root','root','test');
  if ($mysql->connect_errno) {
    die("Connect Error:".$mysql->connect_error);
  }
// Insert data
  if (!empty($_POST['sub'])) {
  // Read the submitted fields: untrusted input, used as-is
    $username=$_POST['username'];
    $password=$_POST['password'];
  // Build the statement. Both values are interpolated straight into the SQL
  // string, so a quote in either field ends the literal and the remainder is
  // parsed as SQL — this is the injection point. The remediation is a
  // prepared statement with bound parameters (mysqli::prepare / bind_param)
  // instead of string building.
    $sql="INSERT INTO admin(username,password) VALUES('{$username}','{$password}')";
    // Debug output: echoes the complete statement into the HTTP response,
    // disclosing it to the client; remove outside the exercise.
    echo $sql;
  // Execute the statement (the return value is not checked, so a failed INSERT is silent)
    $mysql->query($sql);

 }
 ?>

 

 
显示页面:
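<?php
// Display page: lists every row of the admin table. Whatever the insert page
// stored (including the result of an injected subquery) is rendered here, so
// each value is HTML-escaped before output instead of being echoed raw.
  // Dev-only root credentials. With PHP >= 8.1 the default mysqli report mode
  // throws mysqli_sql_exception on connection failure before connect_errno
  // is reached; the check is kept for older setups.
  $mysql=new mysqli('localhost','root','root','test');
  if ($mysql->connect_errno) {
    die("Connect Error:".$mysql->connect_error);
  }
// Query the data. mysqli::query() returns false on failure, and calling
// fetch_all() on false is a fatal error, so check the result first.
  $sql="SELECT * FROM admin";
  $result=$mysql->query($sql);
  if ($result === false) {
    die("Query Error:".$mysql->error);
  }
  $rows=$result->fetch_all(MYSQLI_ASSOC);
  // Escape per value: the stored fields are attacker-controlled and would
  // otherwise be written into the page as markup (stored XSS).
  $esc=function ($v) {
    return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  };
  foreach ($rows as $row) {
    echo "<br />ID:".$esc($row['id']);
    echo "<br />UserName:".$esc($row['username']);
    echo "<br />PassWord:".$esc($row['password']);
    echo "<hr />";
  }
 ?>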

 

插入数据
二次注入 - sn0w - 雪花 -  root@sn0w.top
 实际执行的 SQL 语句
INSERT INTO admin(username,password) VALUES('admin',(select version()))
 
显示页面返回
二次注入 - sn0w - 雪花 -  root@sn0w.top