Ethical Hacking - Web Penetration Testing (11)

SQL INJECTION

Preventing SQLi

  • Filters can be bypassed.
  • Use a blacklist of commands? Still can be bypassed.
  • Use whitelist? Same issue.

-> Use parameterized statements: keep the user-supplied data separate from the SQL code, so the database never parses the data as part of the query.

<?php
// Constructed attacker input for this lesson (the value typed into the text box):
$textbox1 = "admin' union select #";

// Bad sample: the input is pasted into the SQL text, so the server parses it as SQL:
//   Select * from accounts where username = 'admin' union select #'
$query = "Select * from accounts where username = '$textbox1'";

// Safe: a parameterized statement keeps the SQL text fixed and sends the value separately.
// ($db is assumed to be an already opened PDO connection.)
$stmt = $db->prepare("Select * from accounts where username = ?");
$stmt->execute(array($textbox1));

// What the database receives:
//   SQL text:  Select * from accounts where username = ?
//   parameter: admin' union select #
// The value is bound as data, so it can never change the structure of the query.
?>
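To make the difference observable end to end, here is an added example (not from the original post) that runs both query styles against a constructed in-memory SQLite database in Python instead of the post's PHP. The table contents and the inputs are made up for the demonstration; note that SQLite does not treat `#` as a comment marker, so the lesson's input simply breaks the concatenated statement, while the parameterized statement never parses it as SQL at all.

```python
import sqlite3


def make_db():
    """Constructed sample database: two accounts, nothing else."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO accounts (username, password_hash) VALUES (?, ?)",
        [("admin", "hash-of-admin-password"), ("alice", "hash-of-alice-password")],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn, username):
    """Bad: the value is spliced into the SQL text, so the database parses it as SQL."""
    query = "SELECT username FROM accounts WHERE username = '" + username + "' ORDER BY id"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, username):
    """Safe: the SQL text is fixed; the value is sent separately as a bound parameter."""
    query = "SELECT username FROM accounts WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (username,))]


def compare(username):
    """Run both lookups on the same input and return (concatenated, parameterized).

    "SQL error" as the first element means the input was interpreted as SQL and
    broke the statement; the parameterized lookup can only ever match a username
    that literally equals the input."""
    conn = make_db()
    try:
        bad = lookup_concatenated(conn, username)
    except sqlite3.OperationalError:
        bad = "SQL error"
    good = lookup_parameterized(conn, username)
    return bad, good


if __name__ == "__main__":
    for text in ["admin", "admin' OR '1'='1", "admin' union select #"]:
        print(repr(text), "->", compare(text))
```

For the legitimate input both lookups agree; for the tautology input the concatenated query returns every account while the parameterized one returns nothing; for the lesson's own input the concatenated query fails to parse while the parameterized one again returns nothing, because the input only ever reaches the database as a value to compare against.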

posted @ 2020-02-09 21:11 晨风_Eric