在测试过程中,经常需要自己本地构造注入点来进行SQL测试,这边分享一下,不同环境下构造SQL注入的代码。
PHP+MYSQL版
<?php $con = mysql_connect("localhost","root","root"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("test", $con); $id = $_REQUEST[ 'id' ]; $query = "SELECT * FROM admin WHERE username = $id "; $result = mysql_query($query); while($row = mysql_fetch_array($result)) { echo $row['0'] . " " . $row['1']; echo "<br />"; } echo "<br/>"; echo $query; mysql_close($con); ?>
ASP+MSSQL版
<% strSQLServerName = "127.0.0.1" '服务器名称或地址 strSQLDBUserName = "sa" '数据库帐号 strSQLDBPassword = "andyou" '数据库密码 strSQLDBName = "test" '数据库名称 Set conn = Server.CreateObject("ADODB.Connection") strCon = "Provider=SQLOLEDB.1;Persist Security Info=False;Server=" & strSQLServerName & ";User ID=" & strSQLDBUserName & ";Password=" & strSQLDBPassword & ";Database=" & strSQLDBName & ";" conn.open strCon set rs=Server.CreateObject("ADODB.recordset") id = request("id") sql="select * from admin where id="&id Response.Write(sql) rs.Open sql,conn %> <table border="1" width="100%"> <tr> <%for each x in rs.Fields response.write("<th>" & x.name & "</th>") next%> </tr> <%do until rs.EOF%> <tr> <%for each x in rs.Fields%> <td><%Response.Write(x.value)%></td> <%next rs.MoveNext%> </tr> <%loop rs.close conn.close%> </table>
ASP.NET+MSSQL版
<%@ Page Language="C#" AutoEventWireup="true" %> <%@ Import Namespace="System.Data" %> <%@ Import namespace="System.Data.SqlClient" %> <!DOCTYPE html> <script runat="server"> private DataSet resSet=new DataSet(); protected void Page_Load(object sender, EventArgs e) { String strconn = "server=.;database=test;uid=sa;pwd=andyou"; string id = Request.Params["id"]; //string sql = string.Format("select * from admin where id={0}", id); string sql = "select * from admin where id=" + id; SqlConnection connection=new SqlConnection(strconn); connection.Open(); SqlDataAdapter dataAdapter = new SqlDataAdapter(sql, connection); dataAdapter.Fill(resSet); DgData.DataSource = resSet.Tables[0]; DgData.DataBind(); Response.Write("执行语句:<br>"+sql); Response.Write("<br>结果为:"); } </script> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title></title> </head> <body> <form id="form1" runat="server"> <div> <asp:DataGrid ID="DgData" runat="server" BackColor="White" BorderColor="#3366CC" BorderStyle="None" BorderWidth="1px" CellPadding="4" HeaderStyle-CssClass="head" Width="203px"> <FooterStyle BackColor="#99CCCC" ForeColor="#003399" /> <SelectedItemStyle BackColor="#009999" Font-Bold="True" ForeColor="#CCFF99" /> <PagerStyle BackColor="#99CCCC" ForeColor="#003399" HorizontalAlign="Left" Mode="NumericPages" /> <ItemStyle BackColor="White" ForeColor="#003399" /> <HeaderStyle CssClass="head" BackColor="#003399" Font-Bold="True" ForeColor="#CCCCFF"></HeaderStyle> </asp:DataGrid> </div> </form> </body> </html>