热门标签
热门文章
- 1前言:我是如何学习NLP的基础知识的&个人对于NLP和CV相关的内容的异同分析_如何学习cv和nlp
- 2idea中最大化代码编辑窗口快捷键_idea 编辑区域最大
- 3【托福考场考点1】山东大学托福考点详情及考友评价_托福在山东哪里考
- 4[太原理工大学] 2023 大三下 信息安全技术考试 选择填空判断简答_系统进程对文件和目录是主客体关系吗
- 5数据结构之map和set_map与set组合使用
- 6懵逼!阿里一面就被虐了,幸获内推华为技术四面,成功拿到offer
- 7软考证到底有多大个鸟用?_软考有什么用
- 8拟合是什么意思
- 9彻底卸载IDEA_idea彻底卸载
- 10数字化营销云与IPFS有效结合 以创新重塑行业格局_运营商数据接入ipfs
当前位置: article > 正文
PHP、MySQL 注入_mysql注入kali
作者:菜鸟追梦旅行 | 2024-05-15 16:38:28
赞
踩
mysql注入kali
Welcome to the NetSPI SQL Injection Wiki:https://sqlwiki.netspi.com/
因为需要了解下 SQL 注入,就使用 PHP 自己写了一个只有一个网页的网站测试下,现在记录下过程。。。
直接使用的 KALI系统 (KALI官网:Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution)。KALI 是一个渗透测试的神器。集成了好多黑客工具,当然也就集成了许多开发所需的环境。
这里只涉及 MySQL 和 apache
启动 MySQL :
root@kali:~# systemctl start mysql //启动 mysql 服务
root@kali:~# systemctl status mysql //查看 mysql 状态
SQL 建表脚本(添加一些测试数据):
MySQL样例数据库脚本:MySQL样例数据库脚本_数据库脚本-MySQL代码类资源-CSDN下载
- DROP SCHEMA IF EXISTS world;
- CREATE SCHEMA world;
- USE world;
- SET AUTOCOMMIT=0;
-
- --
- -- Table structure for table `City`
- --
-
- DROP TABLE IF EXISTS `City`;
-
- CREATE TABLE `City` (
- `ID` int(11) NOT NULL AUTO_INCREMENT,
- `Name` char(35) NOT NULL DEFAULT '',
- `CountryCode` char(3) NOT NULL DEFAULT '',
- `District` char(20) NOT NULL DEFAULT '',
- `Population` int(11) NOT NULL DEFAULT '0',
- PRIMARY KEY (`ID`),
- KEY `CountryCode` (`CountryCode`),
- CONSTRAINT `city_ibfk_1` FOREIGN KEY (`CountryCode`) REFERENCES `Country` (`Code`)
- ) ENGINE=InnoDB AUTO_INCREMENT=4080 DEFAULT CHARSET=latin1;
-
-
- --
- -- Dumping data for table `City`
- --
- -- ORDER BY: `ID`
-
- INSERT INTO `City` VALUES (1,'Kabul','AFG','Kabol',1780000);
- INSERT INTO `City` VALUES (2,'Qandahar','AFG','Qandahar',237500);
- INSERT INTO `City` VALUES (3,'Herat','AFG','Herat',186800);
- INSERT INTO `City` VALUES (4,'Mazar-e-Sharif','AFG','Balkh',127800);
- INSERT INTO `City` VALUES (5,'Amsterdam','NLD','Noord-Holland',731200);
- INSERT INTO `City` VALUES (6,'Rotterdam','NLD','Zuid-Holland',593321);
- INSERT INTO `City` VALUES (7,'Haag','NLD','Zuid-Holland',440900);
- INSERT INTO `City` VALUES (8,'Utrecht','NLD','Utrecht',234323);
- INSERT INTO `City` VALUES (9,'Eindhoven','NLD','Noord-Brabant',201843);
- INSERT INTO `City` VALUES (10,'Tilburg','NLD','Noord-Brabant',193238);
- COMMIT;
- --
- -- Table structure for table `Country`
- --
-
- DROP TABLE IF EXISTS `Country`;
-
- CREATE TABLE `Country` (
- `Code` char(3) NOT NULL DEFAULT '',
- `Name` char(52) NOT NULL DEFAULT '',
- `Continent` enum('Asia','Europe','North America','Africa','Oceania','Antarctica','South America') NOT NULL DEFAULT 'Asia',
- `Region` char(26) NOT NULL DEFAULT '',
- `SurfaceArea` float(10,2) NOT NULL DEFAULT '0.00',
- `IndepYear` smallint(6) DEFAULT NULL,
- `Population` int(11) NOT NULL DEFAULT '0',
- `LifeExpectancy` float(3,1) DEFAULT NULL,
- `GNP` float(10,2) DEFAULT NULL,
- `GNPOld` float(10,2) DEFAULT NULL,
- `LocalName` char(45) NOT NULL DEFAULT '',
- `GovernmentForm` char(45) NOT NULL DEFAULT '',
- `HeadOfState` char(60) DEFAULT NULL,
- `Capital` int(11) DEFAULT NULL,
- `Code2` char(2) NOT NULL DEFAULT '',
- PRIMARY KEY (`Code`)
- ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
-
-
- --
- -- Dumping data for table `Country`
- --
- -- ORDER BY: `Code`
-
- INSERT INTO `Country` VALUES ('ABW','Aruba','North America','Caribbean',193.00,NULL,103000,78.4,828.00,793.00,'Aruba','Nonmetropolitan Territory of The Netherlands','Beatrix',129,'AW');
- INSERT INTO `Country` VALUES ('AFG','Afghanistan','Asia','Southern and Central Asia',652090.00,1919,22720000,45.9,5976.00,NULL,'Afganistan/Afqanestan','Islamic Emirate','Mohammad Omar',1,'AF');
- INSERT INTO `Country` VALUES ('AGO','Angola','Africa','Central Africa',1246700.00,1975,12878000,38.3,6648.00,7984.00,'Angola','Republic','Jos?Eduardo dos Santos',56,'AO');
- INSERT INTO `Country` VALUES ('AIA','Anguilla','North America','Caribbean',96.00,NULL,8000,76.1,63.20,NULL,'Anguilla','Dependent Territory of the UK','Elisabeth II',62,'AI');
- INSERT INTO `Country` VALUES ('ALB','Albania','Europe','Southern Europe',28748.00,1912,3401200,71.6,3205.00,2500.00,'Shqip雛ia','Republic','Rexhep Mejdani',34,'AL');
- INSERT INTO `Country` VALUES ('AND','Andorra','Europe','Southern Europe',468.00,1278,78000,83.5,1630.00,NULL,'Andorra','Parliamentary Coprincipality','',55,'AD');
- INSERT INTO `Country` VALUES ('ANT','Netherlands Antilles','North America','Caribbean',800.00,NULL,217000,74.7,1941.00,NULL,'Nederlandse Antillen','Nonmetropolitan Territory of The Netherlands','Beatrix',33,'AN');
- INSERT INTO `Country` VALUES ('ARE','United Arab Emirates','Asia','Middle East',83600.00,1971,2441000,74.1,37966.00,36846.00,'Al-Imarat al-碅rabiya al-Muttahida','Emirate Federation','Zayid bin Sultan al-Nahayan',65,'AE');
- INSERT INTO `Country` VALUES ('ARG','Argentina','South America','South America',2780400.00,1816,37032000,75.1,340238.00,323310.00,'Argentina','Federal Republic','Fernando de la R鷄',69,'AR');
- INSERT INTO `Country` VALUES ('ARM','Armenia','Asia','Middle East',29800.00,1991,3520000,66.4,1813.00,1627.00,'Hajastan','Republic','Robert Kot歛rjan',126,'AM');
- INSERT INTO `Country` VALUES ('ASM','American Samoa','Oceania','Polynesia',199.00,NULL,68000,75.1,334.00,NULL,'Amerika Samoa','US Territory','George W. Bush',54,'AS');
- COMMIT;
- --
- -- Table structure for table `CountryLanguage`
- --
-
- DROP TABLE IF EXISTS `CountryLanguage`;
-
- CREATE TABLE `CountryLanguage` (
- `CountryCode` char(3) NOT NULL DEFAULT '',
- `Language` char(30) NOT NULL DEFAULT '',
- `IsOfficial` enum('T','F') NOT NULL DEFAULT 'F',
- `Percentage` float(4,1) NOT NULL DEFAULT '0.0',
- PRIMARY KEY (`CountryCode`,`Language`),
- KEY `CountryCode` (`CountryCode`),
- CONSTRAINT `countryLanguage_ibfk_1` FOREIGN KEY (`CountryCode`) REFERENCES `Country` (`Code`)
- ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
-
- --
- -- Dumping data for table `CountryLanguage`
- --
- -- ORDER BY: `CountryCode`,`Language`
-
- INSERT INTO `CountryLanguage` VALUES ('ABW','Dutch','T',5.3);
- INSERT INTO `CountryLanguage` VALUES ('ABW','English','F',9.5);
- INSERT INTO `CountryLanguage` VALUES ('ABW','Papiamento','F',76.7);
- INSERT INTO `CountryLanguage` VALUES ('ABW','Spanish','F',7.4);
- INSERT INTO `CountryLanguage` VALUES ('AFG','Balochi','F',0.9);
- INSERT INTO `CountryLanguage` VALUES ('AFG','Dari','T',32.1);
- INSERT INTO `CountryLanguage` VALUES ('AFG','Pashto','T',52.4);
- INSERT INTO `CountryLanguage` VALUES ('AFG','Turkmenian','F',1.9);
- INSERT INTO `CountryLanguage` VALUES ('AFG','Uzbek','F',8.8);
- INSERT INTO `CountryLanguage` VALUES ('AGO','Ambo','F',2.4);
- INSERT INTO `CountryLanguage` VALUES ('AGO','Chokwe','F',4.2);
- COMMIT;
-
- SET AUTOCOMMIT=1;
启动 apache
root@kali:~# systemctl start apache2
root@kali:~# systemctl status apache2
apache 的默认主页是 /var/www/html/index.html。直接访问 http://localhost/index.html
修改 index.html 为 index.php
index.php 内容如下: (数据库连接部分参考:https://www.runoob.com/php/php-pdo.html)
- <?php
- ini_set("display_errors", "On");
- error_reporting(E_ALL | E_STRICT);
-
- print('Hello '); // 输出 "Hello " 并且没有换行符
- echo "World\n"; // 输出 "World" 并且换行
- echo "<br />";
- echo "<hr />";
- echo '<p align="center">DataBase connect test</p>';
-
-
- $dbms='mysql'; //数据库类型
- $host='127.0.0.1'; //数据库主机名
- $dbName='world'; //使用的数据库
- $user='root'; //数据库连接用户名
- $pass=''; //对应的密码
- $dsn="$dbms:host=$host;dbname=$dbName";
-
- try {
- // 连接到数据库
- $dbh = new PDO($dsn, $user, $pass);
- $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $dbh->exec('set names utf8');
- echo "连接成功<br/>";
- // sql 语句
- $strsql="SELECT id,name,countrycode FROM `City` LIMIT 5";
- //你还可以进行一次搜索操作
- foreach ($dbh->query($strsql) as $row) {
- //print_r($row); //你可以用 echo($GLOBAL); 来看到这些值
- echo "id: {$row['id']} ";
- echo "name: {$row['name']} ";
- echo "countrycode: {$row['countrycode']} ";
- echo "<br />";
- }
- $dbh = null;
- } catch (PDOException $e) {
- die ("Error!: " . $e->getMessage() . "<br/>");
- }
- ?>
-
- <br />
- <hr />
- <p align="center">input test</p>
- <form>
- <div>
- Input Query ID:
- <input type="text" name="search" style="width:60%;" >
- <input type="submit" name="submit" value="Search" >
- <br /><br />
- SQL Query String :
- <?php
- if(isset($_GET['submit']))
- {
- $val = $_GET['search'];
- $str_sql = "SELECT id,name,countrycode FROM City where id = $val";
- echo "<b>$str_sql</b>";
- echo "<br />";
- $dbms='mysql'; //数据库类型
- $host='127.0.0.1'; //数据库主机名
- $dbName='world'; //使用的数据库
- $user='root'; //数据库连接用户名
- $pass=''; //对应的密码
- $dsn="$dbms:host=$host;dbname=$dbName";
-
- try {
- // 连接到数据库
- $dbh = new PDO($dsn, $user, $pass);
- $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $dbh->exec('set names utf8');
- echo "<br /><br />";
- // 遍历
- foreach ($dbh->query($str_sql) as $row)
- {
- //print_r($row); //你可以用 echo($GLOBAL); 来看到这些值
- echo '<table border="1">';
- echo "<tr>";
- echo "<td>";
- echo "id: {$row['id']} ";
- echo "</td>";
- echo "<td>";
- echo "name: {$row['name']} ";
- echo "</td>";
- echo "<td>";
- echo "countrycode: {$row['countrycode']} ";
- echo "</td>";
- echo "</tr>";
- echo "</table>";
- }
- $dbh = null;
- }
- catch (PDOException $e)
- {
- die ("Error!: " . $e->getMessage() . "<br/>");
- }
- }
- else
- {
- echo "please input the number ID !!!";
- }
- ?>
- </div>
- </form>
浏览器直接访问:http://localhost/index.php
mysql 数据库中结果
到此,我的第一个 php 程序结束。。。。。
一个 简单的 SQL 注入验证
输入要查询的 ID (数字),点击 search 按钮,注意 浏览器 url 变化,传递一个参数 search=1 。然后下面显示查询结果。
现在修改 URL 传递的参数。
修改后的 URL 为 :http://localhost/index.php?search=1 or '1'='1'&submit=Search
再来一个复杂点的 SQL 注入验证:
URL:http://localhost/index.php?search=1 union select code,name,region from Country LIMIT 5;&submit=Search
一个读取文件的 SQL 注入
至此,一个简单的 SQL 注入验证完成。SQL 注入不止这些东西,以后慢慢学习研究。。。
SQL注入攻击与防御 第二版:http://download.csdn.net/detail/hx0_0_8/9284595
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/菜鸟追梦旅行/article/detail/573878
推荐阅读
相关标签
