Less 1
来源:互联网 发布:网络戴口罩女主播照片 编辑:程序博客网 时间:2024/06/07 00:49
mysql注入
根据错误信息猜测查询语句
报错
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1
' ' 1 ' ' LIMIT 0,1'
mysql_query() 函数执行一条 MySQL 查询mysql_query(query,connection)
?id=1'
报错
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '" LIMIT 0,1' at line 1
' " LIMIT 0,1 ' at line 1
可知 select username,password from table where id = "input"
http://localhost/sqli-labs-master/Less-3/
?id=1')
报错
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '') LIMIT 0,1' at line 1
' ') LIMIT 0,1 ' at line 1
可知 select username,password from table where id = ('input')
根据错误信息猜测查询语句
http://localhost/sqli-labs-master/Less-1/?id=1'
报错
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1
' ' 1 ' ' LIMIT 0,1'
可知 select username,password from table where id = 'input'
<?php//including the Mysql connect parameters.include("../sql-connections/sql-connect.php");error_reporting(0);// take the variables if(isset($_GET['id'])){$id=$_GET['id'];//logging the connection parameters to a file for analysis.$fp=fopen('result.txt','a');fwrite($fp,'ID:'.$id."\n");fclose($fp);// connectivity $sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";$result=mysql_query($sql);$row = mysql_fetch_array($result);if($row){ echo "<font size='5' color= '#99FF00'>"; echo 'Your Login name:'. $row['username']; echo "<br>"; echo 'Your Password:' .$row['password']; echo "</font>"; }else {echo '<font color= "#FFFF00">';print_r(mysql_error());echo "</font>"; }}else { echo "Please input the ID as parameter with numeric value";}?>
mysql_query() 函数执行一条 MySQL 查询mysql_query(query,connection)
query是一条MySQL查询语句,connection可选。规定 SQL 连接标识符。如果未规定,则使用上一个打开的连接。
返回值
mysql_query() 仅对 SELECT,SHOW,EXPLAIN 或 DESCRIBE 语句返回一个资源标识符,如果查询执行不正确则返回 FALSE。
对于其它类型的 SQL 语句,mysql_query() 在执行成功时返回 TRUE,出错时返回 FALSE。
mysql_connect() 函数打开非持久的 MySQL 连接。mysql_connect(server,user,pwd,newlink,clientflag)例:如果成功,则返回一个 MySQL 连接标识,失败则返回 FALSE。$con = mysql_connect("localhost","mysql_user","mysql_pwd");
mysql_fetch_array($result)
mysql_fetch_array() 函数从结果集中取得一行作为关联数组,或数字数组,或二者兼有
返回根据从结果集取得的行生成的数组,如果没有更多行则返回 false。
?id=1'
报错
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '" LIMIT 0,1' at line 1
' " LIMIT 0,1 ' at line 1
可知 select username,password from table where id = "input"
http://localhost/sqli-labs-master/Less-3/
?id=1')
报错
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '') LIMIT 0,1' at line 1
' ') LIMIT 0,1 ' at line 1
可知 select username,password from table where id = ('input')
0 0
- Less 1
- sqli-labs ---- Less-1 & Less-3 & Less-4
- LESS入门1
- sqlilabs闯关 less-1
- Less学习笔记1
- less
- less
- LESS
- less
- less
- less
- less
- less
- LESS
- less
- less
- less
- Less
- 关于斐波那契数列的一些总结
- 乘积最大
- 170421 汇编-方向标志位df
- mybatis-generator
- Java中Volatile关键字详解
- Less 1
- C++中的标准转换运算符
- 重写,重载,重定义
- Nginx on Windows
- #define和const的区别
- php向mysql数据库插入百万级数据的两种方法效率比较
- 【IMWeb训练营作业】vuejs【组件-下拉列表】实现
- excel文件下载(Servlet版+excel插入图片)
- Fiddler 工作原理