django中安全sql注入等

模拟sql注入

  1. 使用原生sql语句编写login登录逻辑
class LoginUnsafeView(View):
    def get(self, request):
        return render(request, "login.html", {})

    def post(self, request):
        user_name = request.POST.get("username", "")
        pass_word = request.POST.get("password", "")

        import MySQLdb
        conn = MySQLdb.connect(host='127.0.0.1', user='root', passwd="root", db="mxonline", charset='utf8')
        cursor = conn.cursor()
        sql_select = "select * from users_userprofile where email='{0}' and password='{1}'".format(user_name, pass_word)

        result = cursor.execute(sql_select)
        for row in cursor.fetchall():
            # 查询到用户
            pass
        print 'login end'

 

编写url

页面登录测试

随意输入aaa/aaa,可以看到是不可能登录成功的

登录框输入 ' OR 1 = 1#
空格单引号  'or 1=1#

可以看到sql语句拼凑成功绕过验证

posted @ 2019-12-16 17:26  reblue520  阅读(318)  评论(0编辑  收藏  举报