
SQL injection from an Active Directory

I have a problem I don't understand. I want to make a PHP script which will fill some SQL tables from an Active Directory.

Here is a part of my code:

try {
    $result=ldap_list($connect, "OU=PROFS,".$base_dnref, "(ou=*)");

    $res = ldap_get_entries($connect, $result);

    for ($i=0; $i < $res["count"]; $i++) {
        $result2=ldap_list($connect, "OU=".$res[$i]["ou"][0].",OU=PROFS,".$base_dnref, "(cn=*)");
        $res2 = ldap_get_entries($connect, $result2);
        for($j=0;$j<$res2["count"];$j++){
            $insert=$db->query("INSERT INTO PROFESSEURS(NOM) VALUES ('".$res2[$j]["cn"][0]."')");
            $insert->fetch();
        }
    }

    $result=ldap_list($connect, "OU=ELEVES,".$base_dnref, "(ou=*)");

    $res = ldap_get_entries($connect, $result);

    for ($z=0; $z < $res["count"]; $z++) {
        $insert=$db->query("INSERT INTO CLASSE(NUMERO) VALUES ('".strval($res[$z]["ou"][0])."')");
        $insert->fetch();

        $result2=ldap_list($connect, "OU=".$res[$z]["ou"][0].",OU=ELEVES,".$base_dnref, "(cn=*)");
        $res2 = ldap_get_entries($connect, $result2);

        for($y=0;$y<$res2["count"];$y++){
            $insert=$db->query("INSERT INTO ELEVE(NOM) VALUES ('".$res2[$y]["cn"][0]."')");
            $insert->fetch();
        }
    }
}
catch (PDOException $e) {
    print 'Exception : ' . $e->getMessage();
}

The problem is that the first double for loop works perfectly, but the second doesn't. However, I used the same syntax. The error is: "Exception : SQLSTATE[HY000]: General error".

Additionally, the query $insert=$db->query("INSERT INTO CLASSE(NUMERO) VALUES ('".strval($res[$z]["ou"][0])."')"); works fine but only with half of the Active Directory data, the other half not at all. I'm sure that the problem doesn't come from the LDAP path; I use LDAPExplorerTool for this.

Could you help me please?

Please replace below code with yours:

$res = ldap_get_entries($connect, $result);

for ($i=0; $i < $res["count"]; $i++) {
    $result2=ldap_list($connect, "OU=".$res[$i]["ou"][0].",OU=PROFS,".$base_dnref, "(cn=*)");
    $res2 = ldap_get_entries($connect, $result2);
    for($j=0;$j<$res2["count"];$j++){
        $NOM = $res2[$j]["cn"][0];//Store value into variable for further use...
        $insert=$db->query("INSERT INTO PROFESSEURS(NOM) VALUES ('".$NOM."')");
        $insert->fetch();
    }
}

$result=ldap_list($connect, "OU=ELEVES,".$base_dnref, "(ou=*)");

$res = ldap_get_entries($connect, $result);

for ($z=0; $z < $res["count"]; $z++) {
    $NUMERO = strval($res[$z]["ou"][0]);//Store value into variable for further use...
    $insert=$db->query("INSERT INTO CLASSE(NUMERO) VALUES ('".$NUMERO."')");
    $insert->fetch();

    $result2=ldap_list($connect, "OU=".$res[$z]["ou"][0].",OU=ELEVES,".$base_dnref, "(cn=*)");
    $res2 = ldap_get_entries($connect, $result2);

    for($y=0;$y<$res2["count"];$y++){
        $NOM = $res2[$y]["cn"][0];//Store value into variable for further use...
        $insert=$db->query("INSERT INTO ELEVE(NOM) VALUES ('".$res2[$y]["cn"][0]."')");
        $insert->fetch();
    }
}

I have made some slight changes where I have doubt. I suggest using PDO statements because the old one is now deprecated.

Let me know if you are still facing the error; we can drill into it to solve that problem.

Thanks!

I solved the problem. It came from the syntax of the queries. I replaced:

$insert=$db->query("INSERT INTO ELEVE(NOM) VALUES ('".$res2[$y]["cn"][0]."')");
$insert->fetch();

by:

$insert=$db->exec('INSERT INTO ELEVE(NOM) VALUES ("'.$res2[$y]["cn"][0].'")');

So much time for this...
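
The inserts in this thread build each statement by concatenating directory values into the SQL text, so a value containing a quote character changes the statement's syntax. The following is an added example, not code from any of the posts above: it binds the values through PDO prepared statements and does not call fetch() on an INSERT. The in-memory SQLite database, the entries() helper and the sample names are assumptions constructed for illustration.

```php
<?php
// Added example. An in-memory SQLite database stands in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE CLASSE (NUMERO TEXT)');
$db->exec('CREATE TABLE ELEVE (NOM TEXT)');

// Hypothetical helper: builds an array shaped like ldap_get_entries() output.
function entries(string $attr, array $values): array {
    $out = ['count' => count($values)];
    foreach ($values as $v) {
        $out[] = [$attr => ['count' => 1, 0 => $v]];
    }
    return $out;
}

// Constructed sample data; two names contain quote characters.
$res = entries('ou', ['3A', '3B']);
$members = [
    '3A' => entries('cn', ["Marie O'Neil", 'Jean "JP" Dupont']),
    '3B' => entries('cn', ['Luc Martin']),
];

// Placeholders keep directory values out of the SQL text.
$insClasse = $db->prepare('INSERT INTO CLASSE(NUMERO) VALUES (:numero)');
$insEleve  = $db->prepare('INSERT INTO ELEVE(NOM) VALUES (:nom)');

try {
    $db->beginTransaction();
    for ($z = 0; $z < $res['count']; $z++) {
        $numero = strval($res[$z]['ou'][0]);
        $insClasse->execute([':numero' => $numero]); // INSERT returns no rows: no fetch()
        $res2 = $members[$numero];
        for ($y = 0; $y < $res2['count']; $y++) {
            $insEleve->execute([':nom' => $res2[$y]['cn'][0]]);
        }
    }
    $db->commit();
} catch (PDOException $e) {
    if ($db->inTransaction()) { $db->rollBack(); }
    print 'Exception : ' . $e->getMessage() . "\n";
}

// The concatenated form from the question, given the same name, is a syntax error.
try {
    $db->exec("INSERT INTO ELEVE(NOM) VALUES ('" . "Marie O'Neil" . "')");
} catch (PDOException $e) {
    print 'Concatenated insert failed: ' . $e->getMessage() . "\n";
}
print $db->query('SELECT COUNT(*) FROM ELEVE')->fetchColumn() . " students stored\n";
```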
