用 SQL 注入破解 PHP 代码 [英] Hacking PHP code with SQL injection

问题描述

我有一些这样的代码对 SQL 注入是开放的.我们被黑了，现在我们修复了它.我只想知道输入(用户名和密码)必须是什么才能破解此代码.我的意思是即使你输入

I have some code like this which is open to SQL injection. We got hacked and now we fixed it. I just want to know what the inputs (username and password) must be in order to hack this code. I mean even if you input

username = something' OR 'x'='x

然后您可以检索表中第一个用户的密码，而不管用户名如何.但是，在 if 中，我们检查此密码是否正确.我假设密码非常简单(就像 123456 一样简单)并且黑客从字典中进行了暴力破解.但是我想知道是否有另一种方法可以使用某种注入而不是暴力破解密码来破解此代码.

Then you can retrieve the password of the first user in the table regardless of the username. However, inside the if we check whether this password is correct. I am assuming the password was very easy (as easy as 123456) and the hacker made a brute-force from a dictionary. However I am wondering if there is another way to hack this code using some injection other than brute-forcing the password.

<?php
$username=$_POST['username'];
$password=$_POST['password'];

$result=runQuery("SELECT password FROM tbl_users WHERE username='".$username."''");
$row=mysql_fetch_array($result);

if($row['password']==$password){
    -- do sth... create a cookie etc..
}
else{
    --go to another page...
}
?>

推荐答案

在 PDO 库中使用变量绑定.

Use variable binding in PDO library.

这篇关于用 SQL 注入破解 PHP 代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！