堆栈内存溢出
  简体   繁体   English

SQL登录注入,选择第二行

[英]SQL login injection, selecting the second row

 原文  2018-04-14 07:30:39       php/ sql/ sql-injection

问题描述

I have this sample php code that i want to demostrate SQL injection with.I have been able to login using ' or 1=1-- but it select the first row. 我有这个示例PHP代码,我想说明SQL注入。我已经能够使用'或1 = 1--登录,但它选择第一行。 I want to slect the second user .My table has only two users.Now i want to base my injection with the following code ' OR 1 =1 ORDER BY login DESC LIMIT 1 -- but it is resulting to an error.that is Fatal error: Uncaught Error: Call to a member function rowCount() .The question is how can i select the second row. 我想选择第二个用户。我的表只有两个用户。现在我想根据以下代码进行注入'OR 1 = 1 ORDER BY登录DESC LIMIT 1 - 但是它导致了一个错误。这是致命的错误:未捕获错误:调用成员函数rowCount()。问题是如何选择第二行。

Here is by php code : 这是通过PHP代码: 

 try {
 $db = new PDO($db_conn_str, $db_username, $db_password);
 $query = "select * from " . $db_tablename . " where login='" . 
 $_POST["username"] . "' and passwd='" . $_POST["password"] . "'";
 /*echo "$query <br /><br />";*/
 $result = $db->query($query);
 $num=$result->rowCount();
 } catch (PDOException $e) {
  echo "Error in PDO: " . $e->getMessage();

3 个解决方案

解决方案1
 2  2018-04-14 07:41:11

尝试' OR 1 = 1 LIMIT 1 OFFSET 1查询。

解决方案2
 1  2018-04-14 08:11:40

OR condition should go with brackets before ORDER BY. OR条件应在ORDER BY之前用括号括起来。

So it should be like this: 所以它应该是这样的: 

$_POST["username"] = "";
$_POST["password"] = "' OR (1=1) ORDER BY login DESC LIMIT 1--";

If you print out your query, it will be this: 如果您打印出查询,它将是: 

select * from table_name where login='' and passwd='' OR (1=1) ORDER BY login DESC LIMIT 1--'

And it would be surprised to see someone using PDO without a prepared statement. 如果有人在没有准备好的声明的情况下使用PDO,那将会感到惊讶。

解决方案3
 0  2018-04-14 07:34:42

Use Prepared statement of PDO instead of this simple method. 使用PDO的Prepared语句而不是这个简单的方法。 It Can't stop SQL Injection. 它无法阻止SQL注入。 for your support click below 如需支持,请点击下方
http://php.net/manual/en/pdo.prepared-statements.php http://php.net/manual/en/pdo.prepared-statements.php
http://php.net/manual/en/pdo.prepare.php http://php.net/manual/en/pdo.prepare.php

Example Given Below: 示例如下:

$stmt = $pdo->prepare('SELECT * FROM users WHERE email = ? AND status=?'); $ stmt = $ pdo-> prepare('SELECT * FROM users WHERE email =?AND status =?'); $stmt->execute([$email, $status]); $ stmt-> execute([$ email,$ status]);
$user = $stmt->fetch(); $ user = $ stmt-> fetch();

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 SQL注入登录绕过 - SQL injection login bypass 使用Jquery选择SQL表列-SQL注入? - Selecting SQL table column with Jquery - SQL injection? sql注入登录表单错误 - sql injection login form error 安全性PHP登录SQL注入 - Security PHP login SQL injection PHP登录脚本未选择行 - PHP Login Script Not Selecting Row 客户端仅选择时的SQL注入 - SQL injection when client is only selecting 通过添加第二个查询,实际上是否可以进行SQL注入? - Is an SQL injection actually possible by adding a second query? 我的登录脚本是否容易受到SQL注入攻击? - Is my Login Script is vulnerable to SQL Injection? 考虑到SQL注入,这种PHP登录技术是否安全? - Is this PHP login technique safe considering SQL injection? 登录表单的简单SQL注入解决方案? - Simple sql injection solution for login forms?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM