使用SQL注入实现DROP TABLE

I have created this code for testing of SQL injection.

我已经创建了这个用于测试SQL注入的代码。

<?php
mysql_connect('localhost', 'root', '');
mysql_select_db("test");
$id = $_POST['data'];
$query = "SELECT * FROM members WHERE memberId ='" . $id . "'";
$q = mysql_query($query);
if (mysql_num_rows($q) == 0) 
{
      printf("<h4>Wrong user ID!</h4>");
}
else
{
  while ($row = mysql_fetch_array($q))
  {
  printf("<h4>Your ID is %s</h4>", $row["memberId"]);
  }
}
?>

When variable $id is 1' OR '1'='1, I can see all IDs in the table members. I would like also realize DROP TABLE, but I can't figure out what to insert in variable id $id. I have tried to insert 123'; DROP TABLE sql injection-- in $id.

当变量$ id为1'OR'1'='1时,我可以看到表成员中的所有ID。我也想实现DROP TABLE,但我无法弄清楚要在变量id $ id中插入什么。我试图插入123'; DROP TABLE sql注入 - $ id。

Do you have any idea what to insert in $id or how to modify this code?

你知道在$ id中插入什么或如何修改这段代码?

1 个解决方案

#1

In the console it would be: '; drop table members; select '

在控制台中它将是:';放台成员;选择 '

However you are using mysql_query and it supports only a single statement.

但是,您使用的是mysql_query,它只支持单个语句。

Here is what the manual says:

以下是手册所说的内容:

mysql_query() sends a unique query (multiple queries are not supported) to the currently active database on the server that's associated with the specified link_identifier.

mysql_query()向与指定link_identifier关联的服务器上的当前活动数据库发送唯一查询(不支持多个查询)。

Also check this question. As suggested there you can try using multi_query in your example.

还要检查这个问题。正如您所建议的那样,您可以尝试在示例中使用multi_query。

#1