
Analysis of the actual role of PHP universal password

WBOY
2016-07-15 13:32:34

Some people say that if the GPC magic conversion is turned on for a PHP site, special symbols will be escaped, completely eliminating PHP injection. In fact, whoever says this has not thought about it carefully, let alone tried to use a universal password to enter the backend of a PHP site.

In fact, whether GPC magic conversion is turned on or not has no impact at all on using a PHP universal password to enter the backend. If you use the universal password 'or'='or', of course you won't be able to get in, because the single quotes are converted when GPC is turned on. The PHP universal password I commonly use when injecting PHP is: 'or 1=1/*.

Then let's analyze why this can enter the backend. If the SQL statement is written like this: "SELECT * FROM admin where name='".$_POST['name']."' and password='".$_POST['password']."'", then we enter the universal password 'or 1=1/* in the account field and enter anything as the password, and the SQL statement becomes select * from admin where name=''or 1=1/*' and password='any character'. /* is the comment marker of MySQL, so everything after it is commented out, which is why the password can be anything.

Assuming that GPC conversion is not turned on, look at: where name=''or 1=1 (everything after /* is commented out). The logical value of name='' is false and the logical value of 1=1 is true, so the whole becomes false or true. The final logical value is still true, and it enters the backend.

Then if GPC conversion is turned on, single quotes will be converted. The statement becomes where name='\'or 1=1. Compare it with the previous one: the only difference is an extra \. The logical values of name='\' and name='' are the same, both are false. Then 1=1 is true. Isn't the logical value of the whole SQL statement still true? Is there any reason why I can't get into the backend?

So in general, the PHP universal password can be written like this: 'or 1=1/*, and whether GPC conversion is turned on or not has no effect on it! So please change your mind: PHP websites with character-type injection can use the universal password 'or 1=1/*.
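The root cause in the statement analyzed above is that request values are concatenated into the SQL text, and magic_quotes_gpc was removed in PHP 5.4, so a login check cannot depend on that setting either way. The following is an added example, not code from the original article: it puts the article's concatenated pattern beside a parameterized login check. The in-memory SQLite database, the `password_hash` column, the sample account and the function names `concatenatedQuery` and `login` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the article's `admin` table.
// Assumption: passwords are stored as hashes, not as the plaintext column
// the article's query compares against.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (name TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admin (name, password_hash) VALUES (?, ?)');
$ins->execute(['root', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// The article's pattern: values are spliced into the SQL text, so a quote
// in the value ends the string literal and the remainder is parsed as SQL.
// This function only builds the string so it can be inspected; it is never run.
function concatenatedQuery(string $name, string $password): string
{
    return "SELECT * FROM admin WHERE name='" . $name
         . "' AND password='" . $password . "'";
}

// Hardened form: the SQL text is fixed, the account name travels as a bound
// parameter (always data, never syntax), and the password is compared
// against the stored hash in PHP instead of inside the WHERE clause.
function login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM admin WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();   // false when no row matches the name
    if ($hash === false) {
        return false;
    }
    return password_verify($password, (string) $hash);
}

// The string quoted in the article, used as the account name.
$input = "'or 1=1/*";

// Concatenation: print the statement to see the value change its structure.
echo concatenatedQuery($input, 'anything'), PHP_EOL;

// Parameterized: the same string is just a name that matches no account.
var_dump(login($db, $input, 'anything'));
var_dump(login($db, 'root', 'constructed-sample-pw'));
var_dump(login($db, 'root', 'wrong-password'));
```

With the bound parameter, the outcome no longer depends on how quotes in the input are escaped, which is the setting the article argues about.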

