On the kinds of errors in SQL injection and how they arise
(SQL SERVER database section, 黑客防线网安服务器维护基地, Powered by WWW.RONGSEN.COM.CN)

Author: 黑客防线网安SQL维护基地   Source: 黑客防线网安SQL维护基地

Keywords: origin, principle, error, injection

For injection, error messages are extremely important. By "error message" I mean any feedback that differs from the correct page. Skilled people pay close attention to this point, because it is what makes the judgment of an injection point precise. This article discusses several kinds of errors and how they arise; I hope it is of some help to readers.

Error messages fall mainly into three kinds: logic errors, syntax errors, and script runtime errors.

1: Logic errors

The simplest examples are 1=1 and 1=2. Why do the 1=1 page and the 1=2 page differ? Take $sql = "select * from news where id=$_GET[id]" as the example.

select * from news where id=1 and 1=2 produces an empty (NULL) result set, so when the program fetches values it gets nothing and cannot display anything. Of course, some programs redirect immediately when they find the SQL result set is empty, and then the effect is not visible. Note that some databases, such as Oracle and PostgreSQL, show the literal string null on the page when the result set is empty; that is one of their characteristics. If an or condition is used instead, for example

select * from news where id=1 or 1=1

the result is the exact opposite of and 1=2: the result set is huge. With a SQL statement like this, and a program that additionally loops over the entire result set (a bad programming habit), every row is fetched and execution may become very slow; this is easy to hit on Oracle with large data volumes. What happens in this example? A program normally takes the first row of the result set, which may well no longer be the news item with id=1, and that is why some beginners are puzzled that the page sometimes changes with or 1=1.

At bottom, it all comes down to differences in the result set. Mastering this flexibly is the key; it is not merely a matter of experience.

2: Syntax errors

Syntax errors are the familiar kind. For SQL Server, PgSQL and Sybase, for instance, the injection error messages all matter, because using their characteristics to obtain information is very fast. A syntax error may produce a SQL error that aborts script execution, but when the script or the server is configured to suppress errors, the program keeps running; the result set then does not exist at all, not even as NULL, and what the attacker most likely sees is the empty-result-set condition, which is really just the script's handling of the error. Oracle and PgSQL, of course, show null.
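To make the feedback classes from the two sections above concrete (an empty result set from and 1=2, an oversized set whose first row is the wrong record from or 1=1, and a database error from broken syntax), here is an added example that is not part of the original article. It uses Python's sqlite3 module with a constructed news table instead of the article's PHP/MySQL setup; the table, its rows and the probe strings are assumptions. The hardened_lookup function shows the fix: validate the id's type and bind it as a parameter, after which the input can no longer change the shape of the result set.

```python
"""Added example (not the article's code): reproduce the three feedback
classes the article describes -- empty result set, oversized result set,
database error -- against a constructed sqlite3 table, beside the
parameterized lookup that removes all three."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data (an assumption, not the article's table).
    # id is a plain INTEGER column and rows are inserted out of id order,
    # so a full-table scan returns id 3 first, not id 1.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?)",
        [(3, "older"), (1, "target"), (2, "other")],
    )
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, raw_id: str) -> dict:
    """String-concatenated query, mirroring the article's
    $sql = "select * from news where id=$_GET[id]"."""
    sql = f"SELECT id, title FROM news WHERE id={raw_id}"
    try:
        rows = conn.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        # Syntax error: there is no result set at all, "not even NULL".
        return {"outcome": "db_error", "rows": [], "error": str(exc)}
    if not rows:
        # Logic error: the query ran but the result set is empty.
        return {"outcome": "empty", "rows": rows}
    # The program shows only the first record, as the article describes;
    # with "or 1=1" that record is no longer the one with id=1.
    return {"outcome": "ok", "rows": rows, "first": rows[0]}


def hardened_lookup(conn: sqlite3.Connection, raw_id: str) -> dict:
    """Check the type first, then bind the value: the input can only be
    compared with the column, never rewrite the WHERE clause."""
    try:
        news_id = int(raw_id)
    except ValueError:
        return {"outcome": "rejected", "rows": []}
    rows = conn.execute(
        "SELECT id, title FROM news WHERE id=?", (news_id,)
    ).fetchall()
    return {"outcome": "ok" if rows else "empty", "rows": rows}


if __name__ == "__main__":
    db = make_db()
    for probe in ("1", "1 and 1=2", "1 or 1=1", "1'"):
        print(f"{probe!r:14} vulnerable={vulnerable_lookup(db, probe)['outcome']:9} "
              f"hardened={hardened_lookup(db, probe)['outcome']}")
```

The vulnerable lookup reports ok, empty, ok (with id 3 as the first row) and db_error for the four probes, while the hardened one reports ok for 1 and rejected for everything else. For a defender the consequence is the important part: once the id is validated and bound, the page no longer carries any result-set-dependent signal for the probes the article lists.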

Èý£ºÔËÐдíÎó²»ÓÃ˵ÁË£¬µäÐ͵ľÍÊÇÀûÓÃmysql×¢ÈëbenchmarkÈýű¾ÔËÐг¬Ê±µÃµ½ÎïÀí·¾¶£¬ÒÔ¼°ÀûÓó¬Ê±À´»ñµÃ²»Í¬µÄ±íÕ÷½øÐÐäעÈë¡£

4: Combining logic errors and syntax errors

When the indicators are very faint, using a function like iff to distinguish true from false can sometimes be a lifesaver, because in most cases the indicators of a syntax error and of a logic error are different.

iff(1=1, 1, 'no') yields the result 1, which is a number, whereas iff(1=2, 1, 'no') yields 'no', which is a string. So

id=1 and 1=iff(1=1, 1, 'no') necessarily holds, while id=1 and 1=iff(1=2, 1, 'no') raises a syntax error because of the type mismatch. Unfortunately, not many databases seem to support an iff function, heh.

Now on to how the result set is used in injection.

1: Starting from ' or '=

This is the beginner's course of SQL injection: the login vulnerability. I will analyze it briefly from the standpoint of the SQL result set.

$sql = "select top 1 * from admin where username='$username' and password=md5('$password')";

Obviously, inserting ' or '= makes the SQL statement return one record, and that is what lets the check pass.

2: Now look at the SQL in the verification used today

$sql = "select top 1 * from admin where username='$username'";

Only when the result set is not empty is the password value from the fetched record compared with the MD5 of the password the user submitted. Now you suddenly find that the ' or '= trick fails, even though the back end clearly is injectable; that is caused by the verification method. Following this verification process, ' or '= does indeed produce a result set (the first row of the admin table), but, regrettably, the subsequent password comparison cannot pass and verification fails.

The idea is simple and there are cases online; my focus is the principle: use union to produce the result set you want. For instance ' and (1=2) union select top 1 username,'md5 value of 123456',id from admin where username='admin

This produces admin's record, but the value in the password position of the record set has been replaced with the md5 of 123456, so admin / 123456 passes verification and inherits its privileges.

Some go even further and blindly snipe with 'xxx' in every position, which is going a bit "too far". However, on databases that strictly require type matching, such as SQL 2000 and Sybase, this cannot shake the "administrator login", because a syntax error occurs at execution and the result set is NULL. Also, the old ewebeditor injection vulnerability used to upload a webshell is a classic case of achieving the goal through this same union manipulation of the result set.
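The login queries above, reworked as an added example that is not the article's own code: the second scheme (fetch the row by username, then compare the password hash in the application) implemented once with string concatenation and once with a bound parameter. The admin table, its single row, the secret and the probe strings are constructed here, sqlite3's LIMIT 1 stands in for top 1, and md5 is kept only because the article's query uses it. With the bound parameter, ' or '= matches no row, and a UNION in the username can no longer replace the hash column that the application compares against.

```python
"""Added example (not the article's code): the article's second login
scheme with and without a bound parameter. Table, row, secret and probe
strings are constructed; md5 mirrors the article's query only."""
import hashlib
import hmac
import sqlite3


def make_admin_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (id INTEGER, username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO admin VALUES (1, 'admin', ?)",
        (hashlib.md5(b"correct-horse").hexdigest(),),  # constructed secret
    )
    return conn


def fetch_vulnerable(conn: sqlite3.Connection, username: str):
    """Username spliced into the SQL text, as in the article's
    $sql = "select top 1 * from admin where username='$username'"."""
    sql = (
        "SELECT id, username, password FROM admin "
        f"WHERE username='{username}' LIMIT 1"
    )
    try:
        return conn.execute(sql).fetchone()
    except sqlite3.OperationalError:
        return None  # syntax error: no result set at all, so no login


def fetch_hardened(conn: sqlite3.Connection, username: str):
    """Username travels as a bound value: it can only be compared with the
    column, never rewrite the query or its result columns."""
    return conn.execute(
        "SELECT id, username, password FROM admin WHERE username=? LIMIT 1",
        (username,),
    ).fetchone()


def login(conn: sqlite3.Connection, username: str, password: str,
          fetch=fetch_hardened) -> bool:
    """Application-side hash comparison, the article's second scheme."""
    row = fetch(conn, username)
    if row is None:
        return False
    supplied = hashlib.md5(password.encode()).hexdigest()
    # Constant-time compare. Note that with fetch_vulnerable a UNION in the
    # username could substitute row[2] with an attacker-chosen hash (the
    # article's point); only the bound parameter in fetch_hardened removes
    # that route, the compare itself does not.
    return hmac.compare_digest(row[2], supplied)


if __name__ == "__main__":
    db = make_admin_db()
    probe = "' or ''='"
    print("vulnerable fetch:", fetch_vulnerable(db, probe))
    print("hardened fetch:  ", fetch_hardened(db, probe))
    print("real login:      ", login(db, "admin", "correct-horse"))
```

login(db, "' or ''='", "anything", fetch_vulnerable) fetches the admin row and then fails the hash check, exactly the behaviour the article describes for the second scheme; login(db, "' or ''='", "anything") fetches nothing at all. Only the parameterized fetch closes the union route, because the username is never part of the SQL text.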

Link to this article: http://www.rongsen.com.cn/show-10905-1.html
Updated: 2012-03-21 03:12:15