PHP universal password

Mysterious little strong & 1943

To be honest, if a website's front-end is prone to injection vulnerabilities, the chances of having a universal password in the background are basically

A hundred percent.

However, some people say that if the GPC magic conversion is enabled for the PHP site, it will escape special characters and completely eliminate them.

PHP injection.

In fact, I have never thought about this, and I have never tried to use a universal password to enter the PHP background.

In fact, whether or not the GPC magic switch is enabled has no effect on entering the background with a universal password.

If you use such a universal password or = or, of course, you cannot enter it because the single quotes will be converted when GPC is enabled.

The commonly used universal password for PHP injection is: or 1 = 1 /*.

Then let's analyze why this can be used in the background.

If the SQL statement is written as follows: "SELECT * FROM admin where name =". $ _ POST [name]. "and

Password = ". $ _ POST [password]." ", enter the omnipotent password or 1 = 1/* in the account.

Select * from admin where name = 'or 1 = 1/* and password = any character.

/* It is the mysql annotator, so that all the subsequent things are commented out, that is, why the password is lost at will.

If the GPC conversion is not enabled, see where name = 'or 1 = 1 (*/The following content is commented out ),

The logical value of name = 'is false, while the logical value of 1 = 1 is true. False or true for the whole, and the final logical value

If it is still true, it will go to the background.

If the GPC conversion is enabled, the single quotation marks are converted. The statement becomes where name = 'or 1 = 1, in

Let's take a look at the difference with the one we just made. Name = is the same as the logical value of name =. All values are false. That 1 = 1

True: isn't the logical value of the total SQL statement true? Is there any reason for not going to the background?

So in general, the php website's universal password can be written as follows: or 1 = 1/*, and whether the GPC conversion is enabled does not have any

What is the impact!

So please change your mind: php websites with injection in the browser can use the universal password or 1 = 1.