php SQL injection problem

Others 2022-05-26 17:09:28 views: 0
When developing a website, for security reasons, it is necessary to filter the characters passed from the page. Usually, users can call the contents of the database through the following interfaces: URL address bar, login interface, message board, search box, etc. This often brings unnecessary risks, such as data leakage.
The solution to the SQL injection problem this time is to find the SQL injection problem in the previous controller file. It is very important to patch the vulnerability, and it is also important to prevent the occurrence of the vulnerability. When using SQL statements to add, delete, modify, and query the database, you must consider the SQL The emergence of injection problems.
First understand the steps of SQL injection:
(1) Find the injection point (such as: login interface, message board, etc.);
(2) The user constructs the SQL statement by himself;
(3) Sends the SQL statement to the database management system (DBMS);
( 4) The DBMS receives the request, interprets the request into machine code instructions, and performs the necessary access operations;
(5) The DBMS accepts the returned result, processes it, and returns it to the user;
for example:
the form data $name (user name) and $possword (password) are all submitted form data to the background through the front-end page submit, and then query the required data by executing SQL statements in the background PHP file. 
$sql="select * from users where username='$name' and password=ma5('.$possword.') ";


Directly execute the data (username and password) submitted by the user (no special character filtering is implemented), if the username and password match successfully, it will jump to the interface after login, if unsuccessful, an error will be given prompt information.
Under normal circumstances, $name='user', $possword='123456', the executed SQL statement is: 
$sql="select * from users where username='user' and password=md5('123456') ";

If the account password is correct, then we will log in normally, if the account password is incorrect, an error message will be given. However, for websites with SQL injection vulnerabilities, as long as a special "string" is constructed, the login can still be successful. For example: enter: or 1=1# in the user name input box, and enter the password casually, then the SQL statement is: 
$sql="select * from users where username='or 1=1#' and password=md5('12345asdada6') ";

"#" is a comment character in mysql, so the content after the # sign will be regarded as comment content by mysql, so it will not be executed. The SQL statement then becomes 
$sql = select * from users where username='' or 1=1#' and password=md5('12345asdada6')";
//即为$sql = select * from users where username='' or 1=1;

At this time, judging that 1=1 is definitely true, then the executor can obtain the data he wants at will, which is a manifestation of the SQL injection vulnerability.

Guess you like

Origin http://10.200.1.11:23101/article/api/json?id=327003910&siteId=291194637
Recommended
TIOBE May list: Fortran “resurrected” into Top 10
GCC 14.1 released
Ranking
B. Little Girl and Game【1300 / 回文字符串 博弈论】
CIKERS Shane 20190613
"Javascript advanced programming" study notes - the constructor and prototype
beeline hiveserver2 start
springboot - Automatically backup mysql data every day
Data Storage Full Solution--Detailed Persistence Technology
Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original
TCP / IP protocol layers structure and function
Command type literal pos: unknown; Fallback type literal pos: unknown] with root cause
Design of multifunctional curtain controller with indoor anti-theft alarm
Daily
More
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)

Code World

© 2018 codetd.com