该站点是否容易受到 SQL 注入攻击? [英] Is this site vulnerable to an SQL injection attack?

问题描述

我正在访问一个网站，但在尝试按 Enter 键时错误地输入了单引号.

I am visiting a site and I mistakenly entered a single quote while I was trying to hit the enter key.

发送的 URL 是:http://www.domain.tld/link.php?id=2603'(审查:))

The URL that got sent is: http://www.domain.tld/link.php?id=2603' (censored :) )

导致来自网站的以下响应:

Resulting in the following response from the site:

您的 SQL 语法有错误；检查与您的 MySQL 服务器版本相对应的手册，以了解在第 1 行的 ''' 附近使用的正确语法

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

我尝试过:http://www.domain.tld/link.php?id=2603;显示表；但这没有用:P

I've tried to do: http://www.domain.tld/link.php?id=2603; SHOW TABLES; But that didn't work :P

所以我的问题是:这个站点是否容易受到 sql 注入的攻击?

So my question is: can this site vulnerable to sql injection?

推荐答案

很可能是.无需深入了解如何执行实际注入攻击的细节，您可以尝试以下操作:

Most likely yes. Without getting into the details of how to perform an actual injection attack, you could try something like:

http://www.domain.tld/link.php?id=2603';恶意代码 --

顺便说一句，我强烈建议您不要太认真地解决这个问题.以未经授权的方式访问其他计算机在美国和许多其他国家/地区是违法的，如果您做了一些破坏性的事情，他们可能会追捕您.最好的办法是联系网站的所有者，让他们确切地知道您所看到的内容，以便他们解决问题.

Incidentally, I HIGHLY recommend that you not dink around with this too diligently. Accessing other computers in an unauthorized manner is against the law in the US and many other countries, and if you do something damaging, they can come after you. The best bet is to contact the site's owner and let them know exactly what you're seeing so that they can address the issue.

这篇关于该站点是否容易受到 SQL 注入攻击?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！