SQL injection principle

Catalog

1. sql Reason for injection

2. Log in to the case

3.cms sql Inject

1. sql Reason for injection

Languages can be divided into analytic languages and compiled languages . Parsing is a language in which a runtime component parses language code and executes the instructions contained in it . The compiled type is the code that is converted into machine instructions when it is generated , These instructions are then executed directly at run time by the computer using the changed language .

In analytic , If the program interacts with the user . The user can construct special input to splice into the program to execute , Thus, the program executes the code that may have malicious behavior according to the user input .

such as sql Inject

2. Log in to the case

Sign in sql sentence : select *from admin where username =' User name entered by the user 'and password =' The password entered by the user '

The content entered by the user can be controlled by the user , For example, you can enter 'or 1=1'

sql sentence : select * from admin where username =''or 1=1 --'and paswword =' The password entered by the user ', among or 1=1 Always true , -- The content after the comment is no longer executed , therefore sql Statement execution will return admin Everything in the table .

Here, for example.

  We don't know his user name or password , Let's just type it in , Then click login to make an error , Promotion error .

that , We are like this

Be careful , 1=1 --     -- Add a space after it , Or it won't work ！

  You can see , It bypasses the error prompt directly

3.cms sql Inject

 cms Logic : index.php Homepage display content , Has a list of articles （ The connection has articles id）、articles.php Article details page ,URL in article.php?id= article id Read id article .

sql Injection verification ：

1. Single quotation marks '

2. and 1=1

3. and 1=2

If the page mysql Report errors , Prove that the page exists sql Inject holes