通过mysql_query进行SQL注入 [英] SQL Injection through mysql_query
问题描述
我正在一个通过SQL注入被黑客入侵的网站(乍看之下,只有数据库条目因跨站点脚本而损坏),我在查看代码后发现的潜在漏洞是有很多mysql_query调用其输入完全不会转义.
I'm working on a site that has been hacked through SQL Injection (at first glance only db entries are corrupted with cross-site scripting) the potential vulnerability I found after looking at the code is that there's a lot of mysql_query call whose inputs are not escaped at all.
好老人:
$query = "SELECT * FROM mytable where name LIKE '%".$_GET['name']."%'"; /*HACK HERE*/
mysql_query($query, $connection);
尽管如此,我找不到如何从注入漏洞中做一些很棒的事情(酷"是指类似INSERT或UPDATE的事情).我试图建立这样一个声明:
Nevertheless I can't find how can we do something cool from that injection vulnerability (by cool I mean something like an INSERT or an UPDATE). I've tried to build a statement like this one :
SELECT * FROM mytable where name LIKE '%' AND WHERE id IN (INSERT INTO secondtable (id,description) VALUES (15, 'Fifteenth description');--%'
没有成功.我想INSERT与这里无关.
No success. I guess that the INSERT has nothing to do here.
我现在正在转义代码中所有用户的输入,但是我还没有真正了解黑客如何渗透到此站点,所以我不是100%地确定我的修补程序可以完成这项工作.有什么好建议吗?
I'm escaping all user's inputs in the code right now but I've not really get how hackers have penetrated this site, then I'm not 100% sure that my fix will do the job. Any brilliant suggestions ?
谢谢
推荐答案
取决于您使用的mysql版本和连接设置,mysql_query可能允许
Depending upon the version of mysql you are using, and the setup of the connection, mysql_query may allow more than one statement.
You should look at how the connection is being created, and for any usage of mysql_set_server_option.
这篇关于通过mysql_query进行SQL注入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!