SQLi Fuzz测试Demo

SQLi.php

<html>
    <body>
        <form action="./sqli.php" method="post">
            <p>请输入ID号:<input type="text" name="id"></p>
            <input type="submit" value="Submit">
        </form>
    </body>
</html>

<?php
	if (isset($_POST['id'])){
        $id = $_POST['id'];
        $mysql_server_name='localhost';
        $mysql_username='root';
        $mysql_password='';
        $mysql_database='testing';
        
        $conn=mysql_connect($mysql_server_name,$mysql_username,$mysql_password) or die("error connecting") ;
        
        mysql_query("set names 'utf8'");
        mysql_select_db($mysql_database);
        $sql ="select * from admin where id=".$id; //SQL语句
        
        echo "执行的SQL语句为: " . $sql;
        echo "</br/>";
        $result = mysql_query($sql,$conn); //查询
        
        while($row = mysql_fetch_array($result)){
            echo "<br/>" . "UserName:" . $row['UserName'] . "<br/>" . "PassWord:" . $row['PassWord'] . "<br/>"; 
			}
        
        $filename="fuzz.txt";
        $handle=fopen($filename,"a+");
        $sql = $sql . "\n\r";
        $str=fwrite($handle,$sql);
        fclose($handle);
    }else{
        echo "id为空";
    }
?>

  

DATABASE

创建testing库
CREATE DATABASE `testing` CHARACTER SET utf8 COLLATE utf8_general_ci


创建admin表
CREATE TABLE `admin` (
`id`  int NOT NULL AUTO_INCREMENT ,
`UserName`  varchar(255) NOT NULL ,
`PassWord`  varchar(255) NOT NULL ,
PRIMARY KEY (`id`)
)


插入管理员数据
INSERT INTO `admin` (`id`, `UserName`, `PassWord`) VALUES ('1', 'admin', '123456')
INSERT INTO `admin` (`UserName`, `PassWord`) VALUES ('test', '123456')
INSERT INTO `admin` (`UserName`, `PassWord`) VALUES ('kefu', '123456')
INSERT INTO `admin` (`UserName`, `PassWord`) VALUES ('caiwu', '123456')

  

posted @ 2017-08-10 13:43  航子er  阅读(786)  评论(0编辑  收藏  举报