SQL注入表单在PHP 5.6中不起作用

问题描述 投票:-1回答:1

我正在尝试执行SQL注入(SQLi)。

我的表格是:

<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="POST">
   <table>
        <tr>
            <td>Nama Properti</td>
            <td>:</td>
            <td>
                <input type="text" name="property_name">
            </td>
            <td>
                <?php if(isset($errors)) echo "<p class='errlog'>" . $errors . "</p>"; ?>
            </td>
        </tr>               
        <tr>
            <td></td>
            <td>:</td>
            <td>
                <input type="submit" name="submit-form" value="Kirim" >
            </td>
        </tr>
    </table>
</form>

我的动作是:

<?php
    if (isset($_POST["submit-form"])) {

        if (!empty($_POST["property_name"])) {

            $mysqli = new mysqli("127.0.0.1", "root", "", "belajar");
            if ($mysqli->connect_errno) {
                echo "Failed to connect to MySQL: " . $mysqli->connect_error;
                exit();
            }
            $property_name = $_POST["property_name"];
            echo $property_name; // produce 'x'); DROP TABLE kelas_lain;--
            $sql = "INSERT INTO kelas_lain (property_name) VALUES (". $property_name .")";
            echo "<br>" . $sql; // produce INSERT INTO kelas_lain (property_name) VALUES ('x'); DROP TABLE kelas_lain;--)

            if ($sql_query = $mysqli->query($sql)) {
                echo "<p class='successlog'>Success !</p>";
                echo "Returned rows are: " . $sql_query->num_rows;  
                $sql_query->free_result();
            }else{
                echo "<p class='errlog'>There is an error with SQL !</p>";
            }

            $mysqli->close();


        }else{
            $errors = "Mohon Isi Form !";                   
        }

    }
?>

我通过输入用户表单传递了此'x'); DROP TABLE kelas_lain;--,但是却收到错误echo "<p class='errlog'>There is an error with SQL !</p>";而不是成功执行了此命令INSERT INTO kelas_lain (property_name) VALUES ('x'); DROP TABLE kelas_lain;--),该命令会删除kelas_lain表。

我做了echo $sql;它显示了:

INSERT INTO kelas_lain(property_name)VALUES('x');删除表kelas_lain;-)

而且我认为一切正确。

其他

虽然我通过将查询传递给URL成功完成(SQLi)。

传递的查询为:index.php?id = siswalogin的SELECT密码,其中id = 1这是代码:

<?php 
   /*
    * Check if the 'id' GET variable is set
    */
    if (isset($_GET['id'])){
        $id = htmlspecialchars($_GET['id']);

        /* Setup the connection to the database */
        $mysqli = new mysqli('localhost', 'root', '', 'belajar');

        /* Check connection before executing the SQL query */
        if ($mysqli->connect_errno) {
            printf("Connect failed: %s\n", $mysqli->connect_error);
            exit();
        }

        /* SQL query vulnerable to SQL injection */
        $sql = "SELECT username
        FROM siswalogin
        WHERE id = $id";

        /* Select queries return a result */
        if ($result = $mysqli->query($sql)) {
            while($obj = $result->fetch_object()){
                print($obj->username);
            }
            echo "<br>" . $id; // = 1 UNION SELECT password FROM siswalogin where id=1
        }
        /* If the database returns an error, print it to screen */
        elseif($mysqli->error){
            print($mysqli->error);
        }
    }
?>
php mysqli mariadb sql-injection
1个回答
0
投票

出于安全原因(尤其是SQL注入),mysqli_query()函数不支持执行多个SQL语句。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.