SQL injection function ' -- +'

Time: 2015-11-17 15:30:27

Tags: php sql sql-injection

I set up a sample server to learn more about SQL injection. I found an instruction at http://sechow.com/bricks/docs/content-page-3.html which contains the following example:

POST Data: username=tom' order by 1 -- +&submit=Submit
SQL Query: SELECT * FROM users WHERE name='harry' ORDER BY 1 -- +' 
The page displays the content without any issues and there are no error messages.

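What is the function of the ' -- +' at the end of the query?

Thanks in advance!

1 answer:

Answer 0: (score: 3)

It comments out the rest of the code. The injected part is ORDER BY 1

Imagine your code is

WHERE login = 'tom' and password = 'i dont know'

It will change to

WHERE login = 'harry' ORDER BY 1 -- +and password = 'i dont know'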

Edit

I just read the example. The +' will close the string.

See how the result has a ' after the 2:

POST Data: username=tom' and 1='2&submit=Submit
SQL Query: SELECT * FROM users WHERE name='harry' AND 1='2'

Your other version would be

POST Data: username=tom' order by 1 -- +&submit=Submit
SQL Query: SELECT * FROM users WHERE name='harry' ORDER BY 1 -- +' 

SELECT * FROM users 
WHERE name='harry' 
ORDER BY 1 -- + ''
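
An added example, not part of the original question or answer: it runs the page's POST data through a concatenated query and through a parameterized one, to show what the trailing comment does to the leftover quote and how binding the value prevents it. SQLite stands in for the page's database, and the table contents and function names are constructed for the illustration.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    # Constructed sample table; SQLite stands in for the page's database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "tom", "tom@example.test"),
                    (2, "harry", "harry@example.test")])
    return db

def form_value(post_body, field="username"):
    # Form decoding turns '+' into a space, so the page's value ends in "--  ".
    return parse_qs(post_body, keep_blank_values=True)[field][0]

def lookup_concatenated(db, name):
    # Vulnerable pattern: the input becomes part of the SQL text.
    sql = "SELECT * FROM users WHERE name='" + name + "'"
    try:
        return sql, db.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return sql, "error: %s" % exc

def lookup_parameterized(db, name):
    # Hardened pattern: the input is bound as a value and never parsed as SQL.
    return db.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    bodies = [
        "username=tom' order by 1 -- +&submit=Submit",  # from the page
        "username=tom' order by 1&submit=Submit",       # same, comment removed
    ]
    for body in bodies:
        value = form_value(body)
        sql, result = lookup_concatenated(db, value)
        print("input        :", repr(value))
        print("concatenated :", sql)
        print("  result     :", result)
        print("parameterized:", lookup_parameterized(db, value))
        print()
```

With the comment in place, the quote that the application appends is ignored and the concatenated query runs; without it, that leftover quote is a syntax error. The parameterized lookup returns no rows for either input because no user has that literal name.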