Python Full Stack Path series: MySQL SQL injection
SQL injection is a code injection technique used to attack data-driven applications, for example by injecting malicious SQL code into specific fields in order to dump the database.
For SQL injection to succeed, the application must have a security vulnerability: for example, when user input is not properly filtered (for certain strings), or when types are not strictly enforced, it is easy to end up with an abnormally executed SQL statement.
SQL injection is the most commonly used attack technique in website infiltration, but it can be used to attack any SQL database.
Implementation of SQL injection
Create the SQLdb database
CREATE DATABASE SQLdb;
Create the user_info table
-- The varchar lengths were garbled in the source; 32 is an assumed value.
CREATE TABLE `user_info` (
  `id` int NOT NULL AUTO_INCREMENT,
  `username` varchar(32) DEFAULT NULL,
  `password` varchar(32) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Insert one user record: username ansheng, password as
INSERT INTO user_info (username, password) VALUES ("ansheng", "as");
Python code: the app.py file
#!/usr/bin/env python
# -*- coding:utf-8 -*-
import tornado.ioloop
import tornado.web
import pymysql


class LoginHandler(tornado.web.RequestHandler):
    def get(self, *args, **kwargs):
        # Serve the login form
        self.render('login.html')

    def post(self, *args, **kwargs):
        username = self.get_argument('username', None)
        pwd = self.get_argument('pwd', None)
        conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='as', db='SQLdb')
        cursor = conn.cursor()
        # Deliberately vulnerable: user input is spliced straight into the SQL text
        temp = "select username from user_info where username='%s' and password = '%s'" % (username, pwd,)
        effect_row = cursor.execute(temp)
        result = cursor.fetchone()
        conn.commit()
        cursor.close()
        conn.close()
        if result:
            self.write('login success')
        else:
            self.write('login failed')


application = tornado.web.Application([
    (r"/login", LoginHandler),
])

if __name__ == "__main__":
    application.listen(8888)
    tornado.ioloop.IOLoop.instance().start()
HTML code: the login.html file, in the same directory as app.py
<!DOCTYPE html>
Demo effect
Open a browser and enter the address http://127.0.0.1:8888/login
Fill in the form as follows:
User name: asas' or 1 = 1-- asd
Password: any string of letters
When you click Submit, will it jump to the login success page? If your code is the same as mine, it will jump to the login success page.
Why does this problem occur? The main reason is that we build the SQL command by string concatenation.
SQL command concatenation code
temp = "select username from user_info where username='%s' and password = '%s'" % (username, pwd,)
This is the SQL that concatenation produces for normal input
select username from user_info where username='ansheng' and password = 'as'
This is the SQL that concatenation produces for the abnormal input
select username from user_info where username='asas' or 1 = 1-- asd' and password = 's'
Have you spotted the trick? It is the --, which starts a SQL comment: everything after it, including the password check, is ignored, and or 1 = 1 makes the remaining condition always true.
How to prevent it? Let Python's pymysql module perform the SQL execution: internally, pymysql gives special treatment to ' and " (single and double quotes), which prevents the problem above.
...
# The placeholders are left unquoted: pymysql escapes and quotes the values itself
effect_row = cursor.execute("select username from user_info where username=%s and password = %s", (username, pwd))
...
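The comparison above as an added example (not code from the original article): the concatenated query and a parameterized query are run against the same inputs. So that it runs offline it uses the standard-library sqlite3 module as a stand-in for MySQL and pymysql, so the placeholder is ? rather than %s; the function names and sample inputs are constructed for illustration.

```python
import sqlite3

# Assumption: sqlite3 stands in for MySQL/pymysql so the example needs no server.
# Its placeholder is "?" where pymysql uses "%s"; the principle is the same.


def make_db():
    """Build an in-memory copy of the page's user_info table with its one user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user_info (id integer primary key autoincrement, "
                 "username varchar(32), password varchar(32))")
    conn.execute("insert into user_info (username, password) values (?, ?)",
                 ("ansheng", "as"))
    return conn


def login_concat(conn, username, pwd):
    """The page's vulnerable pattern: input is spliced into the SQL text."""
    temp = ("select username from user_info "
            "where username='%s' and password = '%s'" % (username, pwd))
    return conn.execute(temp).fetchone() is not None


def login_param(conn, username, pwd):
    """Parameterized form: the values travel separately and stay plain data."""
    sql = "select username from user_info where username=? and password = ?"
    return conn.execute(sql, (username, pwd)).fetchone() is not None


def compare():
    """Run both login checks over constructed sample inputs."""
    conn = make_db()
    samples = [
        ("ansheng", "as"),              # valid credentials
        ("ansheng", "wrong"),           # valid user, wrong password
        ("asas' or 1 = 1-- asd", "s"),  # the input used in the demo above
    ]
    return [(u, login_concat(conn, u, p), login_param(conn, u, p))
            for u, p in samples]


if __name__ == "__main__":
    for user, concat_ok, param_ok in compare():
        print("%-24r concat=%-5s param=%s" % (user, concat_ok, param_ok))
```

Only the third input gives different results: the concatenated query accepts it, the parameterized query rejects it.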
This article is from the "Eden" blog; please be sure to retain this source attribution: http://edeny.blog.51cto.com/10733491/1925919