Original address: http://www.cnblogs.com/freespider/archive/2010/09/26/1835346.html
To be honest, if a site's front end has an injection vulnerability, then with some experience the odds of getting into the admin backend with a universal password are basically one hundred percent.
But some people say that for a PHP site, if the GPC magic quotes switch is turned on, special characters are escaped and PHP injection is completely eliminated.
In fact, the people who say this have not thought it through, nor have they tried using a universal password to get into a PHP backend.
In fact, having GPC magic quotes turned on has no effect at all on using a universal password to get into the backend.
If you use a universal password such as ' or ' = ' or ', it will of course not work; the reason is that the single quotation marks are converted when GPC is turned on.
The universal password I used when I injected PHP was: ' or 1=1/*.
Let's analyze why this one can get into the backend.
Suppose the SQL statement is written like this: "SELECT * FROM admin WHERE name='" . $_POST['name'] . "' AND password='" . $_POST['password'] . "'"
Then we enter the universal password ' or 1=1/* as the account name and anything at all as the password, and the SQL statement becomes:
SELECT * FROM admin WHERE name='' or 1=1/*' AND password='any characters'
/* is the comment marker in MySQL, so everything after it is commented out, which is why anything can be entered as the password.
Assuming GPC conversion is not turned on, look at: where name='' or 1=1 (everything after /* is commented out).
The logical value of name='' is false and the logical value of 1=1 after it is true, so the whole is false or true, and the final logical value is true, so you are in the backend.
Then if GPC conversion is turned on, the single quotation mark is converted. The statement becomes where name='\' or 1=1.
Compare it with the one just now: what is the difference? Nothing more than an extra \. The logical values of name='\' and name='' are both false, and 1=1 is true, so isn't the logical value of the whole SQL statement true? Is there any reason not to get into the backend?
So overall, the universal password for PHP sites can be written like this: ' or 1=1/*, and whether GPC conversion is turned on has no effect on it!
So please change your thinking: any PHP website with a character-type injection can be entered with the universal password ' or 1=1/*
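
As an added example (not part of the original post), here is the concatenated query from the analysis above next to a prepared-statement login that treats the same input as plain data. The table, the credentials and the function names are constructed for illustration, and in-memory SQLite through PDO stands in for MySQL so that it runs without a server; SQLite also reads an unterminated /* as a comment that runs to the end of the statement.

```php
<?php
// Constructed demo data; in-memory SQLite (via PDO) stands in for the page's MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (name TEXT PRIMARY KEY, password TEXT, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO admin (name, password, password_hash) VALUES (?, ?, ?)');
$ins->execute(['root', 's3cret-demo', password_hash('s3cret-demo', PASSWORD_DEFAULT)]);

// The pattern from the page: user input concatenated into the SQL text.
function login_concatenated(PDO $pdo, string $name, string $password): bool
{
    $sql = "SELECT * FROM admin WHERE name='" . $name . "' AND password='" . $password . "'";
    try {
        return $pdo->query($sql)->fetch() !== false;
    } catch (PDOException $e) {
        return false; // the input produced SQL that does not parse
    }
}

// Hardened form: the name is bound as a parameter, so quotes and /* are never
// parsed as SQL syntax, and the password is checked against a stored hash.
function login_prepared(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM admin WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

$cases = [
    ['root', 's3cret-demo'],     // legitimate login
    ['root', 'wrong'],           // wrong password
    ["' or 1=1/*", 'anything'],  // the input discussed on the page
];
foreach ($cases as [$name, $password]) {
    printf("%-14s concatenated=%s prepared=%s\n", $name,
        var_export(login_concatenated($pdo, $name, $password), true),
        var_export(login_prepared($pdo, $name, $password), true));
}
```

magic_quotes_gpc was removed in PHP 5.4, so input-layer escaping is not available as a defence on current PHP; binding parameters is.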
PHP Universal Password Login