Php注入点构造代码
程序员文章站
2024-02-02 23:22:34
把下面保存成 test.asp 复制代码 代码如下: $mysql_server_name = "local...
把下面保存成 test.asp
<?
$mysql_server_name = "localhost";
$mysql_username = "root";
$mysql_password = "password";
$mysql_database = "phpzr"; //??ݿ??
$conn=mysql_connect( $mysql_server_name, $mysql_username, $mysql_password );
mysql_select_db($mysql_database,$conn);
$id=$_get['id'];
$sql = "select username,password from admin where id=$id";
$result=mysql_db_query( $mysql_database, $sql,$conn );
$row=mysql_fetch_row($result);
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>php sql injection test </title>
</head>
<body>
<p align="center"><b><font color="#ff0000" size="5" face="华文行楷"> </font><font color="#ff0000" size="5" face="华文新魏">php
注入测试专用</font></b></p>
<table width="100%" height="25%" border="1" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><?=$row[0]?></td>
</tr>
<tr>
<td><?=$row[1]?></td>
</tr>
</table>
<p><u><font color="#0000ff">by:孤狐浪子 qq:393214425 </font></u></p>
<p><font color="#0000ff">blog: http://itpro.blog.163.com</font></p>
<p> </p>
</body>
</html>
创建数据库代码:保存成test.sql 使用phpmyadmin执行就ok了
create database `phpzr` ; //创建数据库名称
create table admin (
id int(10) unsigned not null auto_increment,
username char(10) not null default '',
password char(10) not null default '',
useremail char(20) not null default '',
groupid int(11) not null default '0',
primary key (id)
) type=myisam;
insert into admin values (1, 'admin', 'itpro.blog.163.com','itpro@163.com', 1);
insert into admin values (2, 'admin1', 'itpro.blog.163.com','itpro@163.com', 2);
insert into admin values (3, 'admin2', 'itpro.blog.163.com','itpro@163.com', 3);
insert into admin values (4, 'admin3', 'itpro.blog.163.com','itpro@163.com', 4);
insert into admin values (5, 'admin4', 'itpro.blog.163.com','itpro@163.com', 5);
create table admin1 (
id int(10) unsigned not null auto_increment,
username char(10) not null default '',
password char(10) not null default '',
useremail char(20) not null default '',
groupid int(11) not null default '0',
primary key (id)
) type=myisam;
insert into admin1 values (1, 'admin', 'itpro.blog.163.com','itpro@163.com', 1);
insert into admin1 values (2, 'admin1', 'itpro.blog.163.com','itpro@163.com', 2);
insert into admin1 values (3, 'admin2', 'itpro.blog.163.com','itpro@163.com', 3);
insert into admin1 values (4, 'admin3', 'itpro.blog.163.com','itpro@163.com', 4);
insert into admin1 values (5, 'admin4', 'itpro.blog.163.com','itpro@163.com', 5);
复制代码 代码如下:
<?
$mysql_server_name = "localhost";
$mysql_username = "root";
$mysql_password = "password";
$mysql_database = "phpzr"; //??ݿ??
$conn=mysql_connect( $mysql_server_name, $mysql_username, $mysql_password );
mysql_select_db($mysql_database,$conn);
$id=$_get['id'];
$sql = "select username,password from admin where id=$id";
$result=mysql_db_query( $mysql_database, $sql,$conn );
$row=mysql_fetch_row($result);
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>php sql injection test </title>
</head>
<body>
<p align="center"><b><font color="#ff0000" size="5" face="华文行楷"> </font><font color="#ff0000" size="5" face="华文新魏">php
注入测试专用</font></b></p>
<table width="100%" height="25%" border="1" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><?=$row[0]?></td>
</tr>
<tr>
<td><?=$row[1]?></td>
</tr>
</table>
<p><u><font color="#0000ff">by:孤狐浪子 qq:393214425 </font></u></p>
<p><font color="#0000ff">blog: http://itpro.blog.163.com</font></p>
<p> </p>
</body>
</html>
创建数据库代码:保存成test.sql 使用phpmyadmin执行就ok了
复制代码 代码如下:
create database `phpzr` ; //创建数据库名称
create table admin (
id int(10) unsigned not null auto_increment,
username char(10) not null default '',
password char(10) not null default '',
useremail char(20) not null default '',
groupid int(11) not null default '0',
primary key (id)
) type=myisam;
insert into admin values (1, 'admin', 'itpro.blog.163.com','itpro@163.com', 1);
insert into admin values (2, 'admin1', 'itpro.blog.163.com','itpro@163.com', 2);
insert into admin values (3, 'admin2', 'itpro.blog.163.com','itpro@163.com', 3);
insert into admin values (4, 'admin3', 'itpro.blog.163.com','itpro@163.com', 4);
insert into admin values (5, 'admin4', 'itpro.blog.163.com','itpro@163.com', 5);
create table admin1 (
id int(10) unsigned not null auto_increment,
username char(10) not null default '',
password char(10) not null default '',
useremail char(20) not null default '',
groupid int(11) not null default '0',
primary key (id)
) type=myisam;
insert into admin1 values (1, 'admin', 'itpro.blog.163.com','itpro@163.com', 1);
insert into admin1 values (2, 'admin1', 'itpro.blog.163.com','itpro@163.com', 2);
insert into admin1 values (3, 'admin2', 'itpro.blog.163.com','itpro@163.com', 3);
insert into admin1 values (4, 'admin3', 'itpro.blog.163.com','itpro@163.com', 4);
insert into admin1 values (5, 'admin4', 'itpro.blog.163.com','itpro@163.com', 5);