9Python Total Station Road series MySQL SL injection

Source: Internet
Author: User
Tags mysql sql injection sql injection

The Python full stack path series MySQL SQL injection


SQL注入is a code injection technique that used to attack data-driven applications such as injecting malicious SQL code into specific fields for the implementation of a drag-and-drop attack.

SQL注入Success must be based on application security vulnerabilities, such as when user input is not properly filtered (for certain strings), or when there is no special emphasis on the type, it is easy to create an abnormally executed SQL statement.

SQL注入Is the most commonly used attack technique in website infiltration, but SQL injection can be used to attack all SQL databases.

Implementation of SQL injection

Create a SQLdb database

CREATE DATABASE SQLdb;

create user_info Table

CREATE TABLE ' user_info ' (' id ' int (one) not NULL auto_increment, ' username ' varchar (+) DEFAULT NULL, ' password ' varcha R (+) default NULL, PRIMARY KEY (' id ')) engine=innodb default Charset=utf8;

Insert a user data

ansheng , password as

Insert into User_info (Username,password) VALUES ("Ansheng", "as");

Python code

app.pyFile

#!/usr/bin/env python# -*- coding:utf-8 -*-import tornado.ioloopimport  Tornado.webimport pymysqlclass loginhandler (Tornado.web.RequestHandler):     def  get (Self, *args, **kwargs):         self.render (' Login.html ')     def post (Self, *args, **kwargs):         username = self.get_argument (' username ',  none)          pwd = self.get_argument (' pwd ',  none)          conn = pymysql.connect (host= ' 127.0.0.1 ',  port=3306, user= ' root ',  Passwd= ' as ',  db= ' sqldb ')         cursor = conn.cursor ()         temp =  "Select username from user_ Info where username= '%s '  and password =  '%s '  % (username, pwd,)          Effect_row = cursor.execute (temp)         result =  Cursor.fetchone ()         conn.commit ()          cursor.close ()         conn.close ()          if result:             self.write (' login success ')         else:             self.write (' Login failed ')              application = tornado.web.application ([     (r "/ Login ",  loginhandler),]) if __name__ == " __main__ ":     Application.listen (8888)      tornado.ioloop.ioloop.instance (). Start () 

HTML code

login.htmlWith app.py file in sibling

<! Doctype html>

Demo effect

Open Browser, enter addresshttp://127.0.0.1:8888/login

Fill in the contents as follows:

User name:asas ‘ or 1 = 1-- asd
Password:随便填写一串字母

650) this.width=650; "src=" Https://blog.ansheng.me/static/uploads/2016/12/1483061797.png "alt=" sql-injection-01 " Style= "Border:0px;vertical-align:middle;"/>

提交will I be able to jump to the landing page when I click? If your code is the same as me, it will jump to 登陆成页面 .

Why does this problem occur?

The main reason for this problem is the way we use 字符串拼接 the SQL command stitching.

SQL command Stitching Code

temp = "Select username from user_info where username= '%s ' and password = '%s '"% (username, pwd,)

This is the result of a normal SQL stitching out

Select username from user_info where username= ' Ansheng ' and password = ' as '

This is a non-normal SQL stitching out the results

Select username from user_info where username= ' asas ' or 1 = 1--ASD ' and password = ' s '

Have you seen the mystery of the wise?--

How to prevent?

PassPythonOfpymysqlModule to performSQLThe execution, inpymysqlThe inside of the module will automatically"(single quotes do a special treatment to prevent the above errors

... effect_row = Cursor.execute ("Select username from user_info where username= '%s ' and password = '%s '", (username, pwd ))......

#Python全栈之路 #Sql注入


This article is from the "Eden" blog, so be sure to keep this source http://edeny.blog.51cto.com/10733491/1925919

9Python Total Station Road series MySQL SL injection

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.