Question (the answer is at the end of the article):
Which two queries are examples of successful SQL injection attacks? (Choose two.)
A SELECT user,passwd FROM members
WHERE user = '?';INSERT INTO members('user','passwd') VALUES ('bob@example.com','secret');--';
B SELECT id, name FROM user WHERE user.id=(SELECT members.id FROM members);
C SELECT id, name FROM user WHERE id=23 OR id=32 OR 1=1;
D SELECT id, name FROM user WHERE id=23 OR id=32 AND 1=1;
E SELECT email,passwd FROM members
WHERE email = 'INSERT INTO members('email','passwd') VALUES ('bob@example.com', 'secret');--';
F SELECT user, phone FROM customers WHERE name = '; DROP TABLE users; --';
Explanation:
1. Adding special symbols and SQL statements such as "?';", "INSERT" and "--" to the WHERE clause causes the SQL statement to be executed.
SELECT user,passwd FROM members
WHERE user = '?';INSERT INTO members('user','passwd') VALUES ('bob@example.com','secret');--';
2. Adding "OR 1=1;" to the WHERE condition of a SQL statement returns results even if the other conditions are not met.
Answer:
AC
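
The following is an added example, not part of the original article. It runs the WHERE clauses from options C and D against an in-memory SQLite table to show why C returns every row while D does not (AND binds tighter than OR), and puts the string-concatenated lookup beside a validated, parameterized one. The table contents and the function names make_db, lookup_concat and lookup_bound are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; only the table and column names come from the quiz.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO user VALUES (?, ?)",
        [(23, "alice"), (32, "bob"), (41, "carol"), (57, "dave")],
    )
    return db


def lookup_concat(db, user_id):
    # Vulnerable pattern: the input becomes part of the SQL text,
    # so "OR 1=1" is parsed as a condition rather than as a value.
    sql = "SELECT id, name FROM user WHERE id=" + user_id
    return db.execute(sql).fetchall()


def lookup_bound(db, user_id):
    # Hardened pattern: reject anything that is not an integer,
    # then pass the value as a bound parameter, never as SQL text.
    try:
        value = int(user_id)
    except ValueError:
        return []
    return db.execute(
        "SELECT id, name FROM user WHERE id=?", (value,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    option_c = "23 OR id=32 OR 1=1"   # tautology: matches every row
    option_d = "23 OR id=32 AND 1=1"  # id=23 OR (id=32 AND 1=1): two rows only
    print("C, concatenated:", lookup_concat(db, option_c))
    print("D, concatenated:", lookup_concat(db, option_d))
    print("C, bound:       ", lookup_bound(db, option_c))
    print("23, bound:      ", lookup_bound(db, "23"))
```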