9Python Total Station Road series MySQL SL injection

The Python full stack path series MySQL SQL injection

SQL注入is a code injection technique that used to attack data-driven applications such as injecting malicious SQL code into specific fields for the implementation of a drag-and-drop attack.

SQL注入Success must be based on application security vulnerabilities, such as when user input is not properly filtered (for certain strings), or when there is no special emphasis on the type, it is easy to create an abnormally executed SQL statement.

SQL注入Is the most commonly used attack technique in website infiltration, but SQL injection can be used to attack all SQL databases.

Implementation of SQL injection

Create a SQLdb database

CREATE DATABASE SQLdb;

create user_info Table

CREATE TABLE ' user_info ' (' id ' int (one) not NULL auto_increment, ' username ' varchar (+) DEFAULT NULL, ' password ' varcha R (+) default NULL, PRIMARY KEY (' id ')) engine=innodb default Charset=utf8;

Insert a user data

ansheng , password as

Insert into User_info (Username,password) VALUES ("Ansheng", "as");

Python code

app.pyFile

#!/usr/bin/env python# -*- coding:utf-8 -*-import tornado.ioloopimport  Tornado.webimport pymysqlclass loginhandler (Tornado.web.RequestHandler):     def  get (Self, *args, **kwargs):         self.render (' Login.html ')     def post (Self, *args, **kwargs):         username = self.get_argument (' username ',  none)          pwd = self.get_argument (' pwd ',  none)          conn = pymysql.connect (host= ' 127.0.0.1 ',  port=3306, user= ' root ',  Passwd= ' as ',  db= ' sqldb ')         cursor = conn.cursor ()         temp =  "Select username from user_ Info where username= '%s '  and password =  '%s '  % (username, pwd,)          Effect_row = cursor.execute (temp)         result =  Cursor.fetchone ()         conn.commit ()          cursor.close ()         conn.close ()          if result:             self.write (' login success ')         else:             self.write (' Login failed ')              application = tornado.web.application ([     (r "/ Login ",  loginhandler),]) if __name__ == " __main__ ":     Application.listen (8888)      tornado.ioloop.ioloop.instance (). Start () 

HTML code

login.htmlWith app.py file in sibling

<! Doctype html>
Demo effect
Open Browser, enter addresshttp://127.0.0.1:8888/login
Fill in the contents as follows:
User name:asas ‘ or 1 = 1-- asd
Password:随便填写一串字母
650) this.width=650; "src=" Https://blog.ansheng.me/static/uploads/2016/12/1483061797.png "alt=" sql-injection-01 " Style= "Border:0px;vertical-align:middle;"/>
提交will I be able to jump to the landing page when I click? If your code is the same as me, it will jump to 登陆成页面 .
Why does this problem occur?
The main reason for this problem is the way we use 字符串拼接 the SQL command stitching.
SQL command Stitching Code
temp = "Select username from user_info where username= '%s ' and password = '%s '"% (username, pwd,)
This is the result of a normal SQL stitching out
Select username from user_info where username= ' Ansheng ' and password = ' as '
This is a non-normal SQL stitching out the results
Select username from user_info where username= ' asas ' or 1 = 1--ASD ' and password = ' s '
Have you seen the mystery of the wise?--
How to prevent?
PassPythonOfpymysqlModule to performSQLThe execution, inpymysqlThe inside of the module will automatically‘"(single quotes do a special treatment to prevent the above errors
... effect_row = Cursor.execute ("Select username from user_info where username= '%s ' and password = '%s '", (username, pwd ))......
#Python全栈之路 #Sql注入

This article is from the "Eden" blog, so be sure to keep this source http://edeny.blog.51cto.com/10733491/1925919
9Python Total Station Road series MySQL SL injection