When the entry of the novice web security, sql injection is often the first to use a loophole, it is also a considerable hazard vulnerability, the vulnerability exists, then there is a risk of being Tuoku.
All of the following code is I wrote it myself, there may be unsightly, coding errors and so on, I hope you can correct me.
Vulnerability to explain
Figure is a normal login box
When click landing, capture
In this case, it is thrown directly sqlmap, the implanting detected
You can see the burst of the system environment, database version, etc.
Here to add the code previously used
login.php
logins.php
Parameters directly receive the code transmitted, and then directly into the database query, without any filter, so results in the production of injection sql.
Simple repair
Here, only need to pass parameters to filter on it, there are many filtration methods, and here I use the addslashes () function to filter.
First, increase the function of a filter
Then, pass the time, the variable filter
At this point it ran again sqlmap
expand
It should be noted that a problem, addslashes () function is also a way around, so be sure to pay attention to the following questions
1. Do not use gbk, there will be byte wide injection
2. After the encoding and decoding must be carried out again filtered
3. After using this function, be sure not to use stripslashes () function
4. If you need to do the replacement string, we must pay attention to its rigor
No public debut article: unintentional balderdash (wuxinmengyi)
This is a record red team learning, Principal notes, personal growth number of public
Concern to scan code