这种完全没有安全考虑的SQL注入怎么能行得通呢?
bob'); drop table students; --
在 PHP 中,这会失败:
mysql("statement1;statement2;");
只能有一个语句,所以我真的怀疑上面的注入实际上是如何工作的?
bob'); drop table students; --
In PHP,this will fail:
mysql("statement1;statement2;");
There can be only one statement,so I really doubt how can the above injection actually work at all?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
如果代码使用 mysqli 库,这种注入就会起作用因为它确实允许同时运行多个查询。
That kind of injection will work if the code is using the mysqli library as it does allow for multiple queries to be run at once.
它在 MySQL 中不起作用,但是 SQL 注入还可以做其他事情。
考虑一下:
如果将其写入
username字段:它会变成:
还有拒绝服务攻击的可能性,它们会构造输入,以便查询需要很长时间才能完成,霸占服务器上的所有资源。
如果您的系统中有 1000 个用户,则该子查询将尝试返回 1,000,000,000,000 条记录。
Well it doesn't work in MySQL, but there's other things that can be done with SQL injection.
Consider this:
If you write this into the
usernamefield:it becomes:
There's also the possibility of Denial-of-service attacks, where they structure the input so that the query takes a very long time to complete, hogging all the resources on your server.
If you had 1000 users in your system, that subquery would be trying to return 1,000,000,000,000 records.
这只是一个卡通!
你是对的,默认情况下多重查询不起作用,并且 PHP 中的普通 mysql 扩展根本不支持它。
存在更微妙的 SQL 注入漏洞,但漫画就不会那么有趣了,不是吗?
It's just a cartoon!
You're right, multi-query does not work by default, and it's not supported at all by the plain mysql extension in PHP.
More subtle SQL injection exploits exist, but then the comic wouldn't be as funny, would it?
不确定这是否有效,但尝试使用
//作为分隔符而不是;,例如,有关于使用 PHP 中的 multi_query 语句提交多个语句的信息 此处。
Not sure if this will work, but try using
//as your separator instead of;, e.g.,There is info on submitting multiple statements using the multi_query statement from PHP here.