Examples of SQL Injections through addslashes()?
Question

In PHP, I know that mysql_real_escape is much safer than using addslashes. However, I could not find an example of a situation where addslashes would let an SQL Injection happen.

Can anyone give some examples?
Recommended answer

OK, here is the article you want.

Basically, the way the attack works is by getting addslashes() to put a backslash in the middle of a multibyte character such that the backslash loses its meaning by being part of a valid multibyte sequence.

The general warning from the article:

This type of attack is possible with any character encoding where there is a valid multi-byte character that ends in 0x5c, because addslashes() can be tricked into creating a valid multi-byte character instead of escaping the single quote that follows. UTF-8 does not fit this description.
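The check below is an added example, not part of the original answer and not PHP's own code: it models addslashes() byte for byte in Python (an assumption about PHP's behaviour: it escapes ', ", \ and NUL without any notion of the connection charset) and reports, for a given charset, whether the answer's condition holds (a multibyte character ending in 0x5c) and whether a single quote therefore survives escaping. The function names and the constructed test input are my own.

```python
# Added example, not the Q&A's own code: a byte-level model of the behaviour
# the answer describes. addslashes() below imitates PHP's function (assumption:
# it escapes ' " \ and NUL byte by byte with no knowledge of the charset).

def addslashes(data: bytes) -> bytes:
    """Byte-wise imitation of PHP's addslashes()."""
    out = bytearray()
    for b in data:
        if b == 0x00:
            out += b"\\0"
            continue
        if b in (0x27, 0x22, 0x5C):  # ' " \
            out += b"\\"
        out.append(b)
    return bytes(out)

def lead_byte_before_backslash(charset: str):
    """Return a lead byte such that <lead> 0x5c decodes to ONE character in
    `charset` (a valid multibyte character that ends in a backslash byte),
    or None when the charset has no such character, as is the case for UTF-8."""
    for lead in range(0x81, 0x100):
        try:
            if len(bytes([lead, 0x5C]).decode(charset)) == 1:
                return lead
        except UnicodeDecodeError:
            continue
    return None

def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Decode as a server using `charset` would, then count single quotes
    that are not preceded by a live (itself unescaped) backslash."""
    count, prev_backslash = 0, False
    for ch in escaped.decode(charset, errors="replace"):
        if ch == "'" and not prev_backslash:
            count += 1
        prev_backslash = ch == "\\" and not prev_backslash
    return count

def addslashes_is_sufficient(charset: str) -> bool:
    """Regression check: False when addslashes() leaves a quote live under
    `charset`. The input <lead>' is constructed here purely for the test."""
    lead = lead_byte_before_backslash(charset)
    if lead is None:
        return True
    return unescaped_quotes(addslashes(bytes([lead]) + b"'"), charset) == 0

if __name__ == "__main__":
    for cs in ("utf-8", "gbk", "shift_jis"):
        print(f"{cs:10s} addslashes() sufficient: {addslashes_is_sufficient(cs)}")
```

The practical takeaway for defenders is the one the answer implies: escaping must know the connection charset (or, better, use parameterized queries), and a UTF-8 connection charset is the one case where this byte-level trick cannot occur.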