构造PHP注入点

PHP注入点实例代码:


<?php
$db_host = 'localhost';
$db_user = 'root';
$db_pass = 'waitalone.cn';
$id = $_REQUEST['id'];
$link = mysql_connect($db_host, $db_user, $db_pass) or die("DB Connect Error:" . mysql_error());
mysql_select_db('sqlinject', $link) or die("Can\'t use sqlinject:" . mysql_error());
$sql = "SELECT * FROM admin WHERE id=$id";
$query = mysql_query($sql) or die("Invalid Query:" . mysql_error());
while ($row = mysql_fetch_array($query))
{
    echo "用户ID:" . $row['id'] . "
";
    echo "用户账号:" . $row['username'] . "
";
    echo "用户密码:" . $row['password'] . "
";
}
mysql_close($link);
echo "当前查询语句:".$sql."
";
?>
转载请注明本文链接: http://www.mayidui.net/t2822.html
话题: 黑客 web安全
游客
登录后才可以回帖,登录 或者 注册