Json injection

1. Introduction to Json

JSON is a grammar for storing and exchanging text information, and is a lightweight text data exchange format. Similar to xml, but JSON is smaller, faster, and easier to parse than XML. So now the interface data transmission is carried out in json mode. The MIME type of JSON text is "application/json".

json syntax

• Data is in name/value pairs
• Data is separated by comma
• Curly braces save objects
• Brackets save the array

JSON value

The JSON value can be:

• Number (integer or floating point) {"age":30}
• String (in double quotes) {"uname":"yang"}
• Logical value (true or false) {"flag":true}
• Array (in square brackets) {"sites":[{"name":"yang"},{"name":"ming"}]}
• Objects (in braces) JSON objects are written in braces ({}):
• null    { "runoob":null }

Json-demo:

  
   
   
{
"users": {
"user": [
{
"id": "1",
"username": "admin",
"passwd": "admin888"
},
{
"id": "2",
"username": "root",
"passwd": "root123"
},
{
"id": "3",
"username": "system",
"passwd": "system456"
}
]
}
}
  
   
   

Two, JSON injection

It is the same as xml injection, except that the data representation is different.

  
   
   
<?php
header( 'content-type:text/html;charset=utf-8');
if( isset($_POST[ 'json'])){
$json_str=$_POST[ 'json'];
$json=json_decode($json_str);
if(!$json){
die ( 'The format of the JSON document is wrong, please check' );
}
$username=$json->username;
//$passwd=$json->passwd;

$mysqli= new mysqli();
$mysqli->connect( 'localhost', 'root', 'root');
if($mysqli->connect_errno){
die ( 'Database connection failed:' .$mysqli->connect_error);
}
$mysqli->select_db( 'user');
if($mysqli->errno){
dir( 'Failed to open the database:' .$mysqli->error);
}
$mysqli->set_charset( 'utf-8');
$sql= "SELECT username,paawd FROM users WHERE username='{$username}'";
$result=$mysqli->query($sql);
if(!$result){
die ( 'Failed to execute SQL statement:' .$mysqli->error);
} else if($result->num_rows== 0){
die ( 'The query result is empty' );
} else {
$array1=$result->fetch_all(MYSQLI_ASSOC);
echo "Username: {$array1[0]['username']}, Password: {$array1[0]['paawd']}" ;
}
$result->free();
$mysqli->close();
}
?>
  
   
   

Like SQL injection, insert injection statements. But one thing to pay attention to is to escape the json statement, such as double quotation marks, curly braces, etc.