SQL注入自学[第一学:一个简单的注入环境的编写]
/*
转载请注明出处
ID:珍惜少年时
*/
CODE区域:
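<?php
/*
 * Deliberately injectable lookup page for a local SQL-injection practice lab.
 *
 * Author's note (translated): the mysql_connect() style of connection has been
 * abandoned. The author is a beginner and tested this on an old WampServer 2.2
 * stack; the "@" operator can be used, and mysqli works as well. The code
 * still needs polishing.
 *
 * The mysql_* extension was deprecated in PHP 5.5 and removed in PHP 7.0, so
 * this script only runs on a legacy interpreter.
 *
 * Lab assumptions visible in this file: the root account with an empty
 * password, no authentication on the page, and the executed statement echoed
 * back to the client. These settings fit an isolated, loopback-only test
 * instance and nothing else.
 */

$localhost  = "localhost:3306";
$dbusername = "root";
$dbpassword = "";

$con = mysql_connect($localhost, $dbusername, $dbpassword);
if (!$con) {
    die('could not connect'.mysql_error());
} else {
    echo "恭喜您成功连接数据库。<br>";
}

// The original ignored the return value, so a missing `sqlinject` database
// only surfaced later as an empty table. Fail at the real cause instead.
$selectdb = mysql_select_db('sqlinject');
if (!$selectdb) {
    die('could not select database'.mysql_error());
}

if (!isset($_GET['id'])) {
    echo "亲,还没传参。";
    exit;
}

// INTENTIONAL: the request parameter is concatenated into the statement
// unmodified. This is the flaw the lab exists to demonstrate. Outside the lab
// the value would be bound as an integer parameter of a prepared statement
// (mysqli or PDO), or at minimum cast with (int) before use.
// (The unused `$queryA = "create database "` assignment was dropped.)
$query = "select * from admin where id = " . $_GET['id'];

// mysql_query() returns false on a failed statement; the original passed that
// straight to mysql_fetch_array(). Guard it, and fall back to empty cells when
// the statement fails or matches no row, which is what the page rendered anyway.
$sql = mysql_query($query);
$row = $sql ? mysql_fetch_array($sql) : false;
if (!$row) {
    $row = array('id' => '', 'username' => '', 'password' => '');
}

echo "<table class='itable' border='1' cellspacing='0' width='300px' height='150'>";
echo "<tr>";
echo "<td>id</td>";
echo "<td>username</td>";
echo "<td>password</td>";
echo "</tr>";
echo "<tr>";
// Database values and the echoed statement are HTML-escaped: the lab is about
// SQL injection, and unescaped output would add an unrelated script-injection
// flaw to the page.
echo "<td>".htmlspecialchars($row['id'], ENT_QUOTES)."</td>";
echo "<td>".htmlspecialchars($row['username'], ENT_QUOTES)."</td>";
echo "<td>".htmlspecialchars($row['password'], ENT_QUOTES)."</td>";
echo "</tr>";
echo "</table>";

// Showing the final statement is a teaching aid: the learner sees exactly what
// the server executed for the supplied id.
echo "您执行的sql语句是:".htmlspecialchars($query, ENT_QUOTES);
echo "<br>"."----------------------ID:珍惜少年时----------------------";

mysql_close($con);
?>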
数据库的创建:
-- Create the lab database used by the practice page.
CREATE DATABASE sqlinject;

-- Make it the default schema for the statements that follow.
USE sqlinject;

-- Account table read by the page's `select * from admin where id = ...` query.
-- No primary key or NOT NULL constraint is declared, so duplicate or NULL ids
-- are accepted. The password column holds whatever string is inserted; the
-- seed data stores cleartext values, whereas a production schema would hold a
-- salted password hash.
CREATE TABLE admin (
    id       INT,
    username VARCHAR(255),
    password VARCHAR(255)
);
-- Seed data: nine sample accounts for the lab's admin table.
-- The passwords are stored in cleartext, so any row the page returns exposes a
-- usable credential. These are fixture values for a local test database only.
INSERT INTO admin (id, username, password)
VALUES
    (1, 'admin',    'admin'),
    (2, 'liuneng',  '123456'),
    (3, 'dapao',    '6546765'),
    (4, 'ergou',    '427543'),
    (5, 'daniu',    '2754616'),
    (6, 'xiaowang', '25744451'),
    (7, 'lanlan',   '8416864'),
    (8, 'zhangmei', '387415'),
    (9, 'haixing',  '8464354');
By:珍惜少年时博客:http://www.cnblogs.com/xishaonian/
*-------------------------------------------*