Question

in a week, I will have to present in the university about SQL injection and how is this hack implemented. I was wondering if there is any available vulnerable scripts that i can download and put in a local server to test on.

Thanks in advance.

Answer 1

简单示例： https://www.w3schools.com/sql/sql_injection.asp

这里有一些PHP代码和一个查询，说明为什么不使用参数是危险的：

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

通常，如果用户输入ID作为数字（例如2），则查询将如下所示： txtSQL =“SELECT * FROM Users WHERE UserId = 2”;

但是，如果用户输入值“0 OR 1 = 1”，则无论选择的ID是否存在，他们都可以选择。 1 = 1部分将确保将返回所有记录。

txtSQL = "SELECT * FROM Users WHERE UserId = 0 or 1=1";

这个例子更危险的是用户ID被发送为“0; DROP表用户”。在适当的环境中，像这样的东西可能会掉桌，造成伤害。它产生了这个查询：

 txtSQL = "SELECT * FROM Users WHERE UserId = 0; DROP Table Users";

Answer 2

Damn Vulnerable Web Application (DVWA)对于大多数类型的Web攻击

any free to download vulnerable SQL injection script?

2 个答案: