Example: a simulated login request takes a user id and a password as parameters; building the SQL statement by string concatenation leads to SQL injection.
- Concatenating the SQL statement is what creates the injection problem. The concatenation code looks like this (the column names match the resulting queries shown further down):
String sql = "select * from user where uid = '" + uid + "' and passwd = '" + passwd + "'";
- Now suppose the parameters passed in look like the ones below: a tautology ("universal password"), or a closing quote followed by a comment marker that discards the rest of the condition (people's imagination really is boundless, haha). There are even stranger variants, such as UNION injection:
params.put("uid", "malongfei");
params.put("passwd", "111' or '1' = '1");
// or
params.put("uid", "malongfei'; -- ");
// or
params.put("uid", "malongfei'; # ");
- JDBC cannot tell data from code at this point: the application hands the driver a single finished string and the driver executes it verbatim, so the parameters above are spliced into our original statement and become:
select * from user where uid = 'malongfei' and passwd = '111' or '1' = '1';
(AND binds tighter than OR, so the WHERE clause reads (uid = 'malongfei' and passwd = '111') or true, and every row in the table is returned)
select * from user where uid = 'malongfei'; -- ' and passwd = '111' or '1' = '1';
(the injected quote closes the uid literal and "-- " comments out the password check, so the row matches on uid alone)
select * from user where uid = 'malongfei'; # ' and passwd = '111' or '1' = '1';
(same idea using "#", the MySQL-specific line-comment marker; it fails on databases that do not support that syntax)
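To make the behaviour above observable end to end, here is an added example (not code from the original post) that runs the same payloads against a throwaway database and then against the hardened form. It uses Python with the built-in sqlite3 module instead of Java/JDBC so it runs stand-alone; the parameterised `login_param` is the equivalent of a JDBC `PreparedStatement` with `setString`. The table and column names (`user`, `uid`, `passwd`) are taken from the post's queries, the two user rows are constructed sample data, and the `#` payload is left out because `#` is a MySQL-only comment marker and is a syntax error in SQLite.

```python
import sqlite3

# Constructed sample rows (hypothetical credentials, not from the original post).
SAMPLE_USERS = [("malongfei", "s3cret"), ("admin", "hunter2")]


def make_db():
    """Build an in-memory SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user (uid text primary key, passwd text)")
    conn.executemany("insert into user values (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def concat_sql(uid, passwd):
    """The vulnerable pattern from the post: attacker-controlled text is glued
    straight into the statement, so a quote in the input becomes SQL syntax."""
    return ("select * from user where uid = '" + uid
            + "' and passwd = '" + passwd + "'")


def login_concat(conn, uid, passwd):
    """Vulnerable login. Returns the uid of every row the built query matches;
    a genuine login matches exactly one row, an injected one can match many
    (tautology) or skip the password check entirely (comment payload)."""
    return [row[0] for row in conn.execute(concat_sql(uid, passwd))]


def login_param(conn, uid, passwd):
    """Hardened login. The SQL text is fixed and the values are bound
    separately, so the database never parses the input as SQL: a quote or a
    comment marker inside uid/passwd is just a character in a string."""
    sql = "select * from user where uid = ? and passwd = ?"
    return [row[0] for row in conn.execute(sql, (uid, passwd))]


if __name__ == "__main__":
    db = make_db()
    tautology = "111' or '1' = '1"   # the "universal password"
    comment = "malongfei'; -- "       # closing quote plus line comment
    print(concat_sql("malongfei", tautology))
    print("concat, tautology :", login_concat(db, "malongfei", tautology))
    print("concat, comment   :", login_concat(db, comment, "anything"))
    print("param,  tautology :", login_param(db, "malongfei", tautology))
    print("param,  comment   :", login_param(db, comment, "anything"))
    print("param,  real creds:", login_param(db, "admin", "hunter2"))
```

With the concatenated query the tautology returns both users and the comment payload logs in as malongfei without any password; with bound parameters both payloads return no rows, and only the real credentials match. Any JDBC code that reaches for `Statement.executeQuery(sql)` on a string built from request parameters has the first behaviour.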
Original: https://www.cnblogs.com/malongfeistudy/p/16745900.html
Author: 有点小白的菜鸟
Title: 聊聊SQL注入 (A chat about SQL injection)
Original articles are protected by copyright. When reposting, please credit the source: https://www.johngo689.com/580483/
Reposted articles are protected by the original author's copyright. When reposting, please credit the original author!