我的第一个 PHP
?
Welcome to the NetSPI SQL Injection Wiki:https://sqlwiki.netspi.com/
?
因為需要了解下 SQL 注入,就使用 PHP 自己寫了一個只有一個網頁的網站測試下,現在記錄下過程。。。
直接使用的 KALI系統 (KALI官網:https://www.kali.org/)。KALI 是一個滲透測試的神器。集成了好多黑客工具,當然也就集成了許多開發所需的環境。
這里只涉及 MySQL 和 apache。
啟動 MySQL :
?
root@kali:~# systemctl start mysql    # 啟動 mysql 服務
root@kali:~# systemctl status mysql   # 查看 mysql 狀態
?
SQL 建表腳本(添加一些測試數據):
MySQL樣例數據庫腳本:http://download.csdn.net/detail/freeking101/9915991
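DROP SCHEMA IF EXISTS world;
CREATE SCHEMA world;
USE world;
SET AUTOCOMMIT=0;

-- `City` is created before `Country` yet declares a foreign key to it, and the
-- sample City rows use CountryCode 'NLD' for which no Country row is loaded in
-- this excerpt. With foreign key checks on, InnoDB rejects both the CREATE and
-- the INSERTs, so checks are disabled for the duration of the load (and restored
-- at the end), as the full MySQL world dump does.
SET FOREIGN_KEY_CHECKS=0;

-- NOTE: several LocalName/HeadOfState literals below arrived mis-encoded in this
-- transcription ('Jos?Eduardo', 'Shqip雛ia', ...) and are kept verbatim. The
-- tables are latin1 while the PHP page issues SET NAMES utf8, so non-ASCII
-- values may also render garbled at display time.

--
-- Table structure for table `City`
--
DROP TABLE IF EXISTS `City`;
CREATE TABLE `City` (
  `ID` int(11) NOT NULL AUTO_INCREMENT,
  `Name` char(35) NOT NULL DEFAULT '',
  `CountryCode` char(3) NOT NULL DEFAULT '',
  `District` char(20) NOT NULL DEFAULT '',
  `Population` int(11) NOT NULL DEFAULT '0',
  PRIMARY KEY (`ID`),
  KEY `CountryCode` (`CountryCode`),
  CONSTRAINT `city_ibfk_1` FOREIGN KEY (`CountryCode`) REFERENCES `Country` (`Code`)
) ENGINE=InnoDB AUTO_INCREMENT=4080 DEFAULT CHARSET=latin1;

--
-- Dumping data for table `City`
--
-- ORDER BY: `ID`
INSERT INTO `City` (`ID`, `Name`, `CountryCode`, `District`, `Population`) VALUES (1,'Kabul','AFG','Kabol',1780000);
INSERT INTO `City` (`ID`, `Name`, `CountryCode`, `District`, `Population`) VALUES (2,'Qandahar','AFG','Qandahar',237500);
INSERT INTO `City` (`ID`, `Name`, `CountryCode`, `District`, `Population`) VALUES (3,'Herat','AFG','Herat',186800);
INSERT INTO `City` (`ID`, `Name`, `CountryCode`, `District`, `Population`) VALUES (4,'Mazar-e-Sharif','AFG','Balkh',127800);
INSERT INTO `City` (`ID`, `Name`, `CountryCode`, `District`, `Population`) VALUES (5,'Amsterdam','NLD','Noord-Holland',731200);
INSERT INTO `City` (`ID`, `Name`, `CountryCode`, `District`, `Population`) VALUES (6,'Rotterdam','NLD','Zuid-Holland',593321);
INSERT INTO `City` (`ID`, `Name`, `CountryCode`, `District`, `Population`) VALUES (7,'Haag','NLD','Zuid-Holland',440900);
INSERT INTO `City` (`ID`, `Name`, `CountryCode`, `District`, `Population`) VALUES (8,'Utrecht','NLD','Utrecht',234323);
INSERT INTO `City` (`ID`, `Name`, `CountryCode`, `District`, `Population`) VALUES (9,'Eindhoven','NLD','Noord-Brabant',201843);
INSERT INTO `City` (`ID`, `Name`, `CountryCode`, `District`, `Population`) VALUES (10,'Tilburg','NLD','Noord-Brabant',193238);
COMMIT;

--
-- Table structure for table `Country`
--
DROP TABLE IF EXISTS `Country`;
CREATE TABLE `Country` (
  `Code` char(3) NOT NULL DEFAULT '',
  `Name` char(52) NOT NULL DEFAULT '',
  `Continent` enum('Asia','Europe','North America','Africa','Oceania','Antarctica','South America') NOT NULL DEFAULT 'Asia',
  `Region` char(26) NOT NULL DEFAULT '',
  `SurfaceArea` float(10,2) NOT NULL DEFAULT '0.00',
  `IndepYear` smallint(6) DEFAULT NULL,
  `Population` int(11) NOT NULL DEFAULT '0',
  `LifeExpectancy` float(3,1) DEFAULT NULL,
  `GNP` float(10,2) DEFAULT NULL,
  `GNPOld` float(10,2) DEFAULT NULL,
  `LocalName` char(45) NOT NULL DEFAULT '',
  `GovernmentForm` char(45) NOT NULL DEFAULT '',
  `HeadOfState` char(60) DEFAULT NULL,
  `Capital` int(11) DEFAULT NULL,
  `Code2` char(2) NOT NULL DEFAULT '',
  PRIMARY KEY (`Code`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `Country`
--
-- ORDER BY: `Code`
INSERT INTO `Country` (`Code`, `Name`, `Continent`, `Region`, `SurfaceArea`, `IndepYear`, `Population`, `LifeExpectancy`, `GNP`, `GNPOld`, `LocalName`, `GovernmentForm`, `HeadOfState`, `Capital`, `Code2`) VALUES ('ABW','Aruba','North America','Caribbean',193.00,NULL,103000,78.4,828.00,793.00,'Aruba','Nonmetropolitan Territory of The Netherlands','Beatrix',129,'AW');
INSERT INTO `Country` (`Code`, `Name`, `Continent`, `Region`, `SurfaceArea`, `IndepYear`, `Population`, `LifeExpectancy`, `GNP`, `GNPOld`, `LocalName`, `GovernmentForm`, `HeadOfState`, `Capital`, `Code2`) VALUES ('AFG','Afghanistan','Asia','Southern and Central Asia',652090.00,1919,22720000,45.9,5976.00,NULL,'Afganistan/Afqanestan','Islamic Emirate','Mohammad Omar',1,'AF');
INSERT INTO `Country` (`Code`, `Name`, `Continent`, `Region`, `SurfaceArea`, `IndepYear`, `Population`, `LifeExpectancy`, `GNP`, `GNPOld`, `LocalName`, `GovernmentForm`, `HeadOfState`, `Capital`, `Code2`) VALUES ('AGO','Angola','Africa','Central Africa',1246700.00,1975,12878000,38.3,6648.00,7984.00,'Angola','Republic','Jos?Eduardo dos Santos',56,'AO');
INSERT INTO `Country` (`Code`, `Name`, `Continent`, `Region`, `SurfaceArea`, `IndepYear`, `Population`, `LifeExpectancy`, `GNP`, `GNPOld`, `LocalName`, `GovernmentForm`, `HeadOfState`, `Capital`, `Code2`) VALUES ('AIA','Anguilla','North America','Caribbean',96.00,NULL,8000,76.1,63.20,NULL,'Anguilla','Dependent Territory of the UK','Elisabeth II',62,'AI');
INSERT INTO `Country` (`Code`, `Name`, `Continent`, `Region`, `SurfaceArea`, `IndepYear`, `Population`, `LifeExpectancy`, `GNP`, `GNPOld`, `LocalName`, `GovernmentForm`, `HeadOfState`, `Capital`, `Code2`) VALUES ('ALB','Albania','Europe','Southern Europe',28748.00,1912,3401200,71.6,3205.00,2500.00,'Shqip雛ia','Republic','Rexhep Mejdani',34,'AL');
INSERT INTO `Country` (`Code`, `Name`, `Continent`, `Region`, `SurfaceArea`, `IndepYear`, `Population`, `LifeExpectancy`, `GNP`, `GNPOld`, `LocalName`, `GovernmentForm`, `HeadOfState`, `Capital`, `Code2`) VALUES ('AND','Andorra','Europe','Southern Europe',468.00,1278,78000,83.5,1630.00,NULL,'Andorra','Parliamentary Coprincipality','',55,'AD');
INSERT INTO `Country` (`Code`, `Name`, `Continent`, `Region`, `SurfaceArea`, `IndepYear`, `Population`, `LifeExpectancy`, `GNP`, `GNPOld`, `LocalName`, `GovernmentForm`, `HeadOfState`, `Capital`, `Code2`) VALUES ('ANT','Netherlands Antilles','North America','Caribbean',800.00,NULL,217000,74.7,1941.00,NULL,'Nederlandse Antillen','Nonmetropolitan Territory of The Netherlands','Beatrix',33,'AN');
INSERT INTO `Country` (`Code`, `Name`, `Continent`, `Region`, `SurfaceArea`, `IndepYear`, `Population`, `LifeExpectancy`, `GNP`, `GNPOld`, `LocalName`, `GovernmentForm`, `HeadOfState`, `Capital`, `Code2`) VALUES ('ARE','United Arab Emirates','Asia','Middle East',83600.00,1971,2441000,74.1,37966.00,36846.00,'Al-Imarat al-碅rabiya al-Muttahida','Emirate Federation','Zayid bin Sultan al-Nahayan',65,'AE');
INSERT INTO `Country` (`Code`, `Name`, `Continent`, `Region`, `SurfaceArea`, `IndepYear`, `Population`, `LifeExpectancy`, `GNP`, `GNPOld`, `LocalName`, `GovernmentForm`, `HeadOfState`, `Capital`, `Code2`) VALUES ('ARG','Argentina','South America','South America',2780400.00,1816,37032000,75.1,340238.00,323310.00,'Argentina','Federal Republic','Fernando de la R鷄',69,'AR');
INSERT INTO `Country` (`Code`, `Name`, `Continent`, `Region`, `SurfaceArea`, `IndepYear`, `Population`, `LifeExpectancy`, `GNP`, `GNPOld`, `LocalName`, `GovernmentForm`, `HeadOfState`, `Capital`, `Code2`) VALUES ('ARM','Armenia','Asia','Middle East',29800.00,1991,3520000,66.4,1813.00,1627.00,'Hajastan','Republic','Robert Kot歛rjan',126,'AM');
INSERT INTO `Country` (`Code`, `Name`, `Continent`, `Region`, `SurfaceArea`, `IndepYear`, `Population`, `LifeExpectancy`, `GNP`, `GNPOld`, `LocalName`, `GovernmentForm`, `HeadOfState`, `Capital`, `Code2`) VALUES ('ASM','American Samoa','Oceania','Polynesia',199.00,NULL,68000,75.1,334.00,NULL,'Amerika Samoa','US Territory','George W. Bush',54,'AS');
COMMIT;

--
-- Table structure for table `CountryLanguage`
--
DROP TABLE IF EXISTS `CountryLanguage`;
CREATE TABLE `CountryLanguage` (
  `CountryCode` char(3) NOT NULL DEFAULT '',
  `Language` char(30) NOT NULL DEFAULT '',
  `IsOfficial` enum('T','F') NOT NULL DEFAULT 'F',
  `Percentage` float(4,1) NOT NULL DEFAULT '0.0',
  PRIMARY KEY (`CountryCode`,`Language`),
  KEY `CountryCode` (`CountryCode`),
  CONSTRAINT `countryLanguage_ibfk_1` FOREIGN KEY (`CountryCode`) REFERENCES `Country` (`Code`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `CountryLanguage`
--
-- ORDER BY: `CountryCode`,`Language`
INSERT INTO `CountryLanguage` (`CountryCode`, `Language`, `IsOfficial`, `Percentage`) VALUES ('ABW','Dutch','T',5.3);
INSERT INTO `CountryLanguage` (`CountryCode`, `Language`, `IsOfficial`, `Percentage`) VALUES ('ABW','English','F',9.5);
INSERT INTO `CountryLanguage` (`CountryCode`, `Language`, `IsOfficial`, `Percentage`) VALUES ('ABW','Papiamento','F',76.7);
INSERT INTO `CountryLanguage` (`CountryCode`, `Language`, `IsOfficial`, `Percentage`) VALUES ('ABW','Spanish','F',7.4);
INSERT INTO `CountryLanguage` (`CountryCode`, `Language`, `IsOfficial`, `Percentage`) VALUES ('AFG','Balochi','F',0.9);
INSERT INTO `CountryLanguage` (`CountryCode`, `Language`, `IsOfficial`, `Percentage`) VALUES ('AFG','Dari','T',32.1);
INSERT INTO `CountryLanguage` (`CountryCode`, `Language`, `IsOfficial`, `Percentage`) VALUES ('AFG','Pashto','T',52.4);
INSERT INTO `CountryLanguage` (`CountryCode`, `Language`, `IsOfficial`, `Percentage`) VALUES ('AFG','Turkmenian','F',1.9);
INSERT INTO `CountryLanguage` (`CountryCode`, `Language`, `IsOfficial`, `Percentage`) VALUES ('AFG','Uzbek','F',8.8);
INSERT INTO `CountryLanguage` (`CountryCode`, `Language`, `IsOfficial`, `Percentage`) VALUES ('AGO','Ambo','F',2.4);
INSERT INTO `CountryLanguage` (`CountryCode`, `Language`, `IsOfficial`, `Percentage`) VALUES ('AGO','Chokwe','F',4.2);
COMMIT;

SET FOREIGN_KEY_CHECKS=1;
SET AUTOCOMMIT=1;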
啟動 apache
?
root@kali:~# systemctl start apache2
root@kali:~# systemctl status apache2
?
apache 的默認主頁是 /var/www/html/index.html。直接訪問 http://localhost/index.html
修改 index.html 為 index.php
index.php 內容如下: (數據庫連接部分參考:https://www.runoob.com/php/php-pdo.html)
?
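<?php
ini_set("display_errors", "On");
error_reporting(E_ALL | E_STRICT);

// Lab-only connection settings (local MySQL, root, empty password). Defined once
// here and reused by the search section below, instead of being duplicated.
$dbms   = 'mysql';      // database driver
$host   = '127.0.0.1';  // database host
$dbName = 'world';      // schema created by the SQL script above
$user   = 'root';       // database user
$pass   = '';           // password for that user
$dsn    = "$dbms:host=$host;dbname=$dbName";

/**
 * Open a PDO connection to the world database.
 *
 * @param string $dsn  PDO data source name
 * @param string $user database user
 * @param string $pass database password
 * @return PDO connection in exception error mode with the session charset set to utf8
 * @throws PDOException when connecting or the SET NAMES fails
 */
function connect_world($dsn, $user, $pass)
{
    $dbh = new PDO($dsn, $user, $pass);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec('set names utf8');
    return $dbh;
}

/**
 * HTML-escape a value before echoing it into the page, so that neither database
 * contents nor the user-supplied query string can inject markup (reflected XSS).
 *
 * @param mixed $value anything that can be cast to string
 * @return string the escaped text
 */
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

print('Hello ');   // prints "Hello " with no line break
echo "World\n";    // prints "World" followed by a line break
echo "<br />";
echo "<hr />";
echo '<p align="center">DataBase connect test</p>';

try {
    $dbh = connect_world($dsn, $user, $pass);
    echo "連接成功<br/>";
    // Fixed query: no user input is involved in this section.
    $strsql = "SELECT id,name,countrycode FROM `City` LIMIT 5";
    foreach ($dbh->query($strsql) as $row) {
        echo "id: " . h($row['id']) . " ????";
        echo "name: " . h($row['name']) . " ????";
        echo "countrycode: " . h($row['countrycode']) . " ????";
        echo "<br />";
    }
    $dbh = null;
} catch (PDOException $e) {
    // Driver messages are shown verbatim on purpose in this lab (display_errors is on).
    die("Error!: " . h($e->getMessage()) . "<br/>");
}
?>
<br />
<hr />
<p align="center">input test</p>
<form>
<div>Input Query ID:<input type="text" name="search" style="width:60%;" ><input type="submit" name="submit" value="Search" ><br /><br />SQL Query String : <?php
if (isset($_GET['submit'])) {
    $val = $_GET['search'];
    // DELIBERATE INJECTION POINT of this lab: $val is interpolated into the SQL
    // text unvalidated; this is what the walkthrough below exercises. Real code
    // must bind the value instead, e.g.
    //   $stmt = $dbh->prepare("SELECT id,name,countrycode FROM City WHERE id = ?");
    //   $stmt->execute([$val]);
    $str_sql = "SELECT id,name,countrycode FROM City where id = $val";
    // The query text is attacker-controlled: escape it before reflecting it into HTML.
    echo "<b>" . h($str_sql) . "</b>";
    echo "<br />";
    try {
        $dbh = connect_world($dsn, $user, $pass);
        echo "<br /><br />";
        foreach ($dbh->query($str_sql) as $row) {
            echo '<table border="1">';
            echo "<tr>";
            echo "<td>";
            echo "id: " . h($row['id']) . " ????";
            echo "</td>";
            echo "<td>";
            echo "name: " . h($row['name']) . " ????";
            echo "</td>";
            echo "<td>";
            echo "countrycode: " . h($row['countrycode']) . " ????";
            echo "</td>";
            echo "</tr>";
            echo "</table>";
        }
        $dbh = null;
    } catch (PDOException $e) {
        die("Error!: " . h($e->getMessage()) . "<br/>");
    }
} else {
    echo "please input the number ID !!!";
}
?></div>
</form>

瀏覽器直接訪問:http://localhost/index.php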
?
mysql 數據庫中結果
到此,我的第一個 php 程序結束。。。。。
?
一個 簡單的 SQL 注入驗證
輸入要查詢的 ID (數字),點擊 search 按鈕,注意瀏覽器 URL 的變化:頁面傳遞了一個參數 search=1。然后下面顯示查詢結果。
現在修改 URL 傳遞的參數。
修改后的 URL 為 :http://localhost/index.php?search=1 or '1'='1'&submit=Search
再來一個復雜點的 SQL 注入驗證:
URL:http://localhost/index.php?search=1 union select code,name,region from Country LIMIT 5;&submit=Search
一個讀取文件的 SQL 注入
至此,一個簡單的 SQL 注入驗證完成。SQL 注入不止這些東西,以后慢慢學習研究。。。
SQL注入攻擊與防御 第二版:http://download.csdn.net/detail/hx0_0_8/9284595
?
?
?
?
總結