我有这个从用户输入接收参数的查询,我认为我很容易受到 SQL injection 的攻击。
$query = "SELECT pcode,price,description
FROM products
WHERE description like '%" . $search_criteria . "%' ORDER BY PRICE ";为了测试它是否真的很脆弱,我正在尝试发送以下输入
%';DELETE FROM products WHERE cid=18;#以便运行删除指令,但此输入的结果查询如下。
pcode,price,description FROM products WHERE description like '%%';DELETE FROM products WHERE cid=18#' %' ORDER BY PRICE虽然我的测试参数出现在结果 SQL 中,但 SQL 的其余部分(“%' ORDER BY PRICE)没有被 # 忽略。
我需要进行哪些调整才能使我的输入删除测试行?
输出
SQL Error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DELETE FROM products WHERE cid=17;-- %' ORDER BY PRICE' at line 1
SQL Statement:SELECT pcode,price,description FROM products WHERE description like '%%';DELETE FROM products WHERE cid=17;-- %' ORDER BY PRICE
Did you run setupreset.php to setup/reset the DB?后端如何执行查询
$query = "SELECT pcode,price,description FROM products WHERE description like '%" . $search_criteria . "%' ORDER BY PRICE ";
$result = execute_query($query);回答1
您要破解哪个目标 DBMS?基本上您可以尝试使用以下条件:
%';DELETE FROM products WHERE cid=18;--'