Pre-Audit Preparation:
1. A PHP runtime environment (PHPStudy is recommended)
2. An editor with syntax highlighting (Sublime Text or Notepad++ is recommended)
3. Create a new text file and copy the following variable names into it; these are the user-controlled inputs you will search for in the source code during the audit
######################
$_SERVER
$_GET
$_POST
$_COOKIE
$_REQUEST
$_FILES
$_ENV
$_HTTP_COOKIE_VARS
$_HTTP_ENV_VARS
$_HTTP_GET_VARS
$_HTTP_POST_FILES
$_HTTP_POST_VARS
$_HTTP_SERVER_VARS
(PHP variable names are case-sensitive, so search for them exactly as written; the $_HTTP_*_VARS long arrays were removed in PHP 5.4 but still turn up in legacy code.)
######################
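The following is an added example, not part of the original article: a small PHP scanner that performs step 3 automatically by tokenizing every .php file under a directory and reporting each read of the superglobals listed above with its file and line. The directory path and file layout are assumptions; the list of variable names is the one from the article.

```php
<?php
// Added example (not from the original article): locate user-controlled input
// in a PHP code base by tokenizing each file and reporting every use of the
// superglobals listed above. The scanned path is an assumption.

const TAINT_SOURCES = [
    '$_SERVER', '$_GET', '$_POST', '$_COOKIE', '$_REQUEST', '$_FILES', '$_ENV',
    // long-array aliases, removed in PHP 5.4 but still found in legacy code
    '$_HTTP_COOKIE_VARS', '$_HTTP_ENV_VARS', '$_HTTP_GET_VARS',
    '$_HTTP_POST_FILES', '$_HTTP_POST_VARS', '$_HTTP_SERVER_VARS',
];

/**
 * Return [file, line, variable] for every superglobal read in one PHP file.
 * token_get_all() is used instead of grep so that comments and single-quoted
 * strings that merely mention "$_GET" do not produce false positives.
 */
function findTaintSources(string $path): array
{
    $hits = [];
    foreach (token_get_all(file_get_contents($path)) as $token) {
        if (is_array($token) && $token[0] === T_VARIABLE
            && in_array($token[1], TAINT_SOURCES, true)) {
            $hits[] = [$path, $token[2], $token[1]];
        }
    }
    return $hits;
}

/** Walk a directory tree and scan every .php file in it. */
function auditDirectory(string $dir): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir));
    foreach ($it as $file) {
        if ($file->isFile() && strtolower($file->getExtension()) === 'php') {
            $hits = array_merge($hits, findTaintSources($file->getPathname()));
        }
    }
    return $hits;
}

// Usage: php audit.php /path/to/webapp   (the path is an assumption)
$root = $argv[1] ?? '.';
foreach (auditDirectory($root) as [$file, $line, $var]) {
    printf("%s:%d  %s\n", $file, $line, $var);
}
```

Each reported line is a place where external data enters the program; the audit then follows that variable forward to see whether it reaches a SQL query, a file operation, or an output statement without being validated or escaped.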
**********************************************************************************************
Audit Method:
1. SQL injection (SQL injection vulnerability)
SQL injection is both the most common and the most serious class of vulnerability, so its auditing method is covered first.
Example 1:
#index.php
<?php
$id = $_GET['id'];                                      // user input, unfiltered
$query = "SELECT * FROM users WHERE id='" . $id . "'";  // concatenated straight into the SQL
...
?>
Because $id is placed into the query without any filtering, the following request turns it into a UNION query that returns the database version (the closing quote is broken out of with ' and the trailing quote is commented out with /*):
index.php?id=1'+union+select+1,@@version,3,4,5+from+users/*
Example 2:
#login.php
<?php
# login.php (Hacklele) #
$user = $_POST['user'];
$pass = $_POST['pass'];
// the mysql_* functions were removed in PHP 7; they are shown here because this is the legacy code an auditor meets
$link = mysql_connect('localhost', 'root', 'pass') or die('Error: ' . mysql_error());
mysql_select_db("sql_inj", $link);
// both inputs are concatenated straight into the query
$query = mysql_query("SELECT * FROM sql_inj WHERE user='" . $user . "' AND pass='" . $pass . "'", $link);
if (mysql_num_rows($query) == 0) {
    echo "<script type=\"text/javascript\">window.location.href='index.html';</script>";
    exit;
}
$logged = 1;
?>
When a user (possibly an attacker) submits $_POST['user'] and $_POST['pass'] to login.php, both values are stored directly in the SQL query. If the attacker sends:
$user = 1' OR '1'='1
$pass = 1' OR '1'='1
the query becomes SELECT * FROM sql_inj WHERE user='1' OR '1'='1' AND pass='1' OR '1'='1', which returns every row, so mysql_num_rows() is non-zero and login.php's login check is bypassed. Readers should watch for this pattern in code.
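As an added example (not code from the original article), the block below shows the SQL that Example 1 and Example 2 actually send when given the two payloads above, and then the hardened form of each query written with mysqli prepared statements. The table and column names (users, sql_inj, pass_hash), the database credentials and the use of password_hash()/password_verify() for stored passwords are assumptions for illustration.

```php
<?php
// Added example, not from the original article. Reproduces the query strings
// built by the two vulnerable snippets and shows a hardened replacement using
// mysqli prepared statements. Table/column names and credentials are assumptions.

/** Builds the query exactly as the vulnerable login.php does (string concatenation). */
function vulnerableLoginQuery(string $user, string $pass): string
{
    return "SELECT * FROM sql_inj WHERE user='" . $user . "' AND pass='" . $pass . "'";
}

/** Builds the query exactly as the vulnerable index.php does. */
function vulnerableIdQuery(string $id): string
{
    return "SELECT * FROM users WHERE id='" . $id . "'";
}

// Constructed attacker inputs taken from the article. Echoing the finished SQL
// is the quickest way, during an audit, to confirm that input rewrites the query.
echo vulnerableLoginQuery("1' OR '1'='1", "1' OR '1'='1"), "\n";
echo vulnerableIdQuery("1' union select 1,@@version,3,4,5 from users/*"), "\n";

/**
 * Hardened login. The user name travels as a bound parameter, so a quote in it
 * can never terminate the SQL string literal, and the password is checked with
 * password_verify() against a stored hash rather than compared inside the SQL.
 * Returns true only when the user exists and the hash matches.
 */
function safeLogin(mysqli $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM sql_inj WHERE user = ? LIMIT 1');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    // password_verify() is constant-time; $found is false/null when no row matched
    return (bool) $found && password_verify($pass, $hash);
}

/**
 * Hardened version of index.php's lookup: the id is cast to int and bound as an
 * integer parameter, so "1' union select ..." can never reach the SQL parser.
 */
function safeFindById(mysqli $db, $id): ?array
{
    $stmt = $db->prepare('SELECT * FROM users WHERE id = ?');
    $intId = (int) $id;
    $stmt->bind_param('i', $intId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Usage (credentials and database name are assumptions):
// $db     = new mysqli('localhost', 'app_user', 'app_pass', 'sql_inj');
// $logged = safeLogin($db, $_POST['user'] ?? '', $_POST['pass'] ?? '') ? 1 : 0;
// $user   = safeFindById($db, $_GET['id'] ?? 0);
```

The two echo lines print the login query with its WHERE clause reduced to an always-true condition and the id query with a UNION appended, which is what the audit is looking for. In the hardened functions the user-supplied value never becomes part of the SQL text: it is sent separately as a parameter, so the same payloads are treated as a literal user name or as the integer 1.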