使用 acunetix 进行 SQL 盲注
我正在使用 acunetix 来测试我的网站。问题出在这个脚本 http://boedesign.com/blog /2007/02/18/ajax-star- rating/
acunetix 不显示任何消息,但是当我测试盲 SQL 时,我可以获得像
8 and 1=0 --
8 and 31337-31337=0
rating_id mysql 列中的值,我只想允许中的数字在那里,所以我做了一些修复,但由于第一个数字是 8,它通过了 if。我该如何修复它?在includes/ rating_process.php 中是这样的,
// IF JAVASCRIPT IS ENABLED
if($_POST){
$id = escape($_POST['id']);
$rating = (int) $_POST['rating'];
if($rating <= 5 && $rating >= 1 && $id >= 1 && $id <=9999999){
if(@mysql_fetch_assoc(mysql_query("SELECT id FROM ratings WHERE IP = '".$_SERVER['REMOTE_ADDR']."' AND rating_id = '$id'")) || isset($_COOKIE['has_voted_'.$id])){
echo 'already_voted';
} else {
并且在“// IF JAVASCRIPT IS DISABLED”中的想法几乎相同
I'm using acunetix to test my website. The problem is with this script http://boedesign.com/blog/2007/02/18/ajax-star-rating/
acunetix doesn't show any message, but when I test for blind SQL I can get values like
8 and 1=0 --
8 and 31337-31337=0
in the rating_id mysql column, I want to only allow numbers in there, so I made a little fix but since the first number is 8 its passing trough the if. how can I fix it? It's something like this at includes/rating_process.php
// IF JAVASCRIPT IS ENABLED
if($_POST){
$id = escape($_POST['id']);
$rating = (int) $_POST['rating'];
if($rating <= 5 && $rating >= 1 && $id >= 1 && $id <=9999999){
if(@mysql_fetch_assoc(mysql_query("SELECT id FROM ratings WHERE IP = '".$_SERVER['REMOTE_ADDR']."' AND rating_id = '$id'")) || isset($_COOKIE['has_voted_'.$id])){
echo 'already_voted';
} else {
and almost the same think at the "// IF JAVASCRIPT IS DISABLED"
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您知道评级必须是整数,则可以将变量转换为整数:
您也可以对
id变量执行同样的操作。它确保您只有整数值。
If you know that the rating must be an integer, you can cast your variable as an integer :
You can do as well on your
idvariable.It ensures you that you only have integer values.