SQLi Fuzz测试Demo
SQLi.php
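<html>
<body>
<form action="./sqli.php" method="post">
    <p>请输入ID号:<input type="text" name="id"></p>
    <input type="submit" value="Submit">
</form>
</body>
</html>
<?php
/*
 * SQL injection fuzzing target (lab fixture).
 *
 * The posted "id" is concatenated into the WHERE clause unquoted and
 * unvalidated. That is the behaviour under test and is kept on purpose;
 * application code would bind the value instead, e.g.
 *   $stmt = mysqli_prepare($conn, 'select * from admin where id = ?');
 * Each statement that is built is appended to fuzz.txt.
 *
 * Changes from the listing as published:
 *   - one statement per line: collapsed onto a single line, the first "//"
 *     comment swallowed every statement up to the closing tag;
 *   - ext/mysql (mysql_*) was removed in PHP 7.0, so the calls are ported to
 *     the procedural mysqli API;
 *   - a rejected statement no longer reaches the fetch loop as "false";
 *   - everything echoed into the page is HTML-escaped;
 *   - log lines end in "\n" instead of "\n\r".
 *
 * NOTE(review): the page titles this file SQLi.php while the form posts to
 * ./sqli.php; on a case-sensitive filesystem the two must match.
 */
if (isset($_POST['id']) && is_string($_POST['id'])) {
    // is_string() rejects id[]=... which would otherwise be concatenated as "Array".
    $id = $_POST['id'];

    // root with an empty password is a local-lab default.
    // NOTE(review): a dedicated account holding only SELECT on testing.admin
    // would keep fuzzed statements away from everything else on the server.
    $mysql_server_name = 'localhost';
    $mysql_username = 'root';
    $mysql_password = '';
    $mysql_database = 'testing';

    // PHP 8.1+ makes mysqli throw on SQL errors by default; malformed input is
    // the normal case here, so use return values instead of exceptions.
    mysqli_report(MYSQLI_REPORT_OFF);

    $conn = mysqli_connect($mysql_server_name, $mysql_username, $mysql_password, $mysql_database)
        or die("error connecting");
    mysqli_set_charset($conn, 'utf8');

    // Intentionally injectable: no quoting, casting or binding of $id.
    $sql = "select * from admin where id=" . $id; // SQL statement

    // The statement contains raw request data, so escape it for the HTML context.
    echo "执行的SQL语句为: " . htmlspecialchars($sql, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<br/>";

    $result = mysqli_query($conn, $sql); // run the query

    // mysqli_query() returns false when the server rejects the statement.
    if ($result !== false) {
        while ($row = mysqli_fetch_array($result)) {
            // Column values can be shaped by the injected query as well: escape them too.
            echo "<br/>" . "UserName:" . htmlspecialchars((string) $row['UserName'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                . "<br/>" . "PassWord:" . htmlspecialchars((string) $row['PassWord'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                . "<br/>";
        }
        mysqli_free_result($result);
    }
    mysqli_close($conn);

    // Append the statement to the fuzz log; LOCK_EX keeps concurrent requests
    // from interleaving their lines.
    // NOTE(review): the path is relative, so the log sits next to this script
    // and may be readable over HTTP if the directory is served; a location
    // outside the web root avoids that. A payload containing line breaks will
    // also span several log lines.
    $filename = "fuzz.txt";
    file_put_contents($filename, $sql . "\n", FILE_APPEND | LOCK_EX);
} else {
    echo "id为空";
}
?>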
DATABASE
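-- Create the testing database.
CREATE DATABASE `testing` CHARACTER SET utf8 COLLATE utf8_general_ci;

-- Select it so the table below is not created in whichever schema happens to be current.
USE `testing`;

-- Create the admin table.
CREATE TABLE `admin` (
    `id` int NOT NULL AUTO_INCREMENT,
    `UserName` varchar(255) NOT NULL,
    `PassWord` varchar(255) NOT NULL,
    PRIMARY KEY (`id`)
);

-- Insert the administrator rows.
-- These are lab fixture credentials stored in cleartext so that query results
-- are easy to recognise in the demo page; an application schema would store a
-- password hash (e.g. from PHP's password_hash()) instead.
INSERT INTO `admin` (`id`, `UserName`, `PassWord`) VALUES (1, 'admin', '123456');
INSERT INTO `admin` (`UserName`, `PassWord`) VALUES ('test', '123456');
INSERT INTO `admin` (`UserName`, `PassWord`) VALUES ('kefu', '123456');
INSERT INTO `admin` (`UserName`, `PassWord`) VALUES ('caiwu', '123456');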