如何使PHP Web应用程序运行一些注入的代码？

发布于 2025-01-30 08:40:33 字数 1597 浏览 2 评论 0原文

我有一个学术项目，包括探索Web应用程序的漏洞。我能够通过使用PHP包装器

http ://192.168.1.1.123/index.php?page=php://filter/filter/convert.base64-Encode/Resource/Resource=setUpreset

，我能够看到基本64中编码的文件的源代码，在解码后，该部分吸引了我。

nclude 'includes/dbconfig.inc';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
mysql_query("DROP DATABASE " . $dbname,$conn);
mysql_query("CREATE DATABASE ". $dbname,$conn);
echo mysql_error($conn);
include 'includes/db.inc';
$query = 'CREATE TABLE forum_table( '.
         'cid INT NOT NULL AUTO_INCREMENT, '.
         'poster_name TEXT, '.
         'comment TEXT, '.
         'date DATETIME, '.
         'PRIMARY KEY(cid))';   
$result = mysql_query($query);
echo mysql_error($conn );
$query ="INSERT INTO `forum_table` (`cid`, `poster_name`, `comment`, `date`) VALUES
    (1, 'adude', 'Hello!!', '2009-03-01 22:26:12'),
    (2, 'adude', 'This lemonade is awesome!', '2009-03-01 22:26:54'),
    (3, 'anonymous', 'I am too good to diclose my identity', '2009-03-01 22:27:11'),
    (4, 'ze', 'Working hard for ESEGI.', '2009-03-01 22:27:48'),
    (5, 'ze', 'Please go to moodle and check the profs latest news.', '2009-03-01 22:29:04'),
    (6, 'manel', 'Got to study for ESEGI. ', '2009-03-01 22:29:49'),
    (7, 'manel', 'This assignment is EASY!', '2009-03-01 22:30:06'),
    (8, 'admin', 'The force IS with me.', '2009-03-01 22:31:13')";

我现在可以对此信息进行什么样的攻击？我可以使用某些变量暴露的事实，例如dbuser？我可以在插入语句中插入一些代码，例如＆lt; script＆gt; arter（document.cookie）＆lt;/script＆gt;吗？

如何使应用程序运行我的编辑脚本？

原文

I have an academic project that consists in exploring vulnerabilities of an web application.
I was able to see the source code of a file by using a PHP Wrapper

http://192.168.1.123/index.php?page=php://filter/convert.base64-encode/resource=setupreset

and I was able to see the source code of the file encoded in base 64 and after decoding it this part intrigued me.

nclude 'includes/dbconfig.inc';
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
mysql_query("DROP DATABASE " . $dbname,$conn);
mysql_query("CREATE DATABASE ". $dbname,$conn);
echo mysql_error($conn);
include 'includes/db.inc';
$query = 'CREATE TABLE forum_table( '.
         'cid INT NOT NULL AUTO_INCREMENT, '.
         'poster_name TEXT, '.
         'comment TEXT, '.
         'date DATETIME, '.
         'PRIMARY KEY(cid))';   
$result = mysql_query($query);
echo mysql_error($conn );
$query ="INSERT INTO `forum_table` (`cid`, `poster_name`, `comment`, `date`) VALUES
    (1, 'adude', 'Hello!!', '2009-03-01 22:26:12'),
    (2, 'adude', 'This lemonade is awesome!', '2009-03-01 22:26:54'),
    (3, 'anonymous', 'I am too good to diclose my identity', '2009-03-01 22:27:11'),
    (4, 'ze', 'Working hard for ESEGI.', '2009-03-01 22:27:48'),
    (5, 'ze', 'Please go to moodle and check the profs latest news.', '2009-03-01 22:29:04'),
    (6, 'manel', 'Got to study for ESEGI. ', '2009-03-01 22:29:49'),
    (7, 'manel', 'This assignment is EASY!', '2009-03-01 22:30:06'),
    (8, 'admin', 'The force IS with me.', '2009-03-01 22:31:13')";

What kind of attack can I do now with this information ? Can I use the fact that some variables are exposed like for example dbuser? Can I insert some code in the INSERT statement like for example <script>alert(document.cookie)</script>?

How can I make the application run my edited script?

分享到QQ

分享到微博