MySQL之注入攻击

MySQL注入攻击

web应用程序对用户输入数据的合法性没有判断,攻击者可以在web应用程序中事先定义好的查询语句的结尾上添加额外的SQL语句,以此来实现欺骗数据库服务器执行非授权的任意查询,从而进一步得到相应的数据信息

数据表

CREATE TABLE USER(
	uid INT PRIMARY KEY AUTO_INCREMENT,
	uname VARCHAR(20),
	upassword VARCHAR(20)
);
INSERT INTO USER(uname,upassword) VALUES('mark','123'),('tom','789');
SELECT * FROM USER;

注入攻击

SELECT * FROM USER WHERE uname='dada' AND upassword='ds' OR 1=1;

Java测试

public class JDBCAttack {
	private static Scanner sc;
	public static void main(String[] args) {
		/*
		 * 获取用户输入的用户名和密码
		 */
		sc = new Scanner(System.in);
		System.out.println("请输入用户名:");
		String name = sc.next();
		System.out.println("请输入密码:");
		String pass = sc.next();
		
		/*
		 * 连接数据库进行注入攻击
		 */
		try {
			// 注册数据库
			Class.forName("com.mysql.jdbc.Driver");
		} catch (ClassNotFoundException e) {
			e.printStackTrace();
		}
		String url = "jdbc:mysql://localhost:3306/mybase";
		String username = "root";
		String password = "root";
		Connection conn = null;
		Statement st = null;
		ResultSet rs = null;
		try {
			// 获取连接
			conn = DriverManager.getConnection(url, username, password);
			//获取执行者
			st = conn.createStatement();
			//sql语句,执行验证查询
			String sql = "SELECT * FROM USER WHERE uname='" + name + "' AND upassword='" + pass + "'";
			System.out.println(sql);
			//执行sql语句
			rs = st.executeQuery(sql);
			if(rs.next()){
				System.out.println("用户名和密码验证通过!");
			}
			else {
				System.out.println("用户名和密码验证不通过!");
			}
		} catch (SQLException e) {
			e.printStackTrace();
		}finally{
			try {
				rs.close();
				st.close();
				conn.close();
			} catch (SQLException e) {
				e.printStackTrace();
			}
		}
	}
}

测试结果


猜你喜欢

转载自blog.csdn.net/mmake1994/article/details/80717401
今日推荐