SQL Injection: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 18: | Zeile 18: | ||
+------+--------------+----------+ | +------+--------------+----------+ | ||
2 rows in set (0.000 sec) | 2 rows in set (0.000 sec) | ||
| + | =PHP Code= | ||
| + | ==Unsicher== | ||
| + | <pre> | ||
| + | <?php | ||
| + | error_reporting(E_ERROR | E_PARSE); | ||
| + | if(isset($_POST['submit'])){ | ||
| + | define('DB_SERVER', 'db'); | ||
| + | define('DB_USERNAME', 'xinux'); | ||
| + | define('DB_PASSWORD', 'suxer'); | ||
| + | define('DB_NAME', 'sql_injections'); | ||
| + | $link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME); | ||
| + | mysqli_set_charset($link, "utf8"); | ||
| + | if($link === false){ | ||
| + | echo(mysqli_connect_error()); | ||
| + | die("ERROR: Could not connect. " . mysqli_connect_error()); | ||
| + | } | ||
| + | |||
| + | |||
| + | //connect db | ||
| + | include "inc/connect.php"; | ||
| + | //safe query | ||
| + | $search = mysqli_real_escape_string($link, $_POST['search']); | ||
| + | //Database search | ||
| + | $sql = "SELECT * FROM users WHERE username='$search'"; | ||
| + | $result = mysqli_query($link, $sql); | ||
| + | } | ||
| + | ?> | ||
| + | |||
| + | <!DOCTYPE html> | ||
| + | <html> | ||
| + | </pre> | ||
| + | |||
| + | |||
[[Datei:Sql-injection-1.png]] | [[Datei:Sql-injection-1.png]] | ||
Version vom 15. Juni 2021, 18:31 Uhr
Vorüberlegung
Verhaltensweise einer SQL Abfrage
- Normale Abfrage
- MariaDB [sql_injections]> select * from users where username = 'rudi.burkart';
+------+--------------+----------+ | id | username | password | +------+--------------+----------+ | 2 | rudi.burkart | secret | +------+--------------+----------+ 1 row in set (0.000 sec)
- Oder Verknüpfung
- MariaDB [sql_injections]> select * from users where username = 'rudi.burkart' or username = 'hans.will';
+------+--------------+----------+ | id | username | password | +------+--------------+----------+ | 2 | rudi.burkart | secret | | 1 | hans.will | geheim | +------+--------------+----------+ 2 rows in set (0.000 sec)
PHP Code
Unsicher
<?php
error_reporting(E_ERROR | E_PARSE);
if(isset($_POST['submit'])){
define('DB_SERVER', 'db');
define('DB_USERNAME', 'xinux');
define('DB_PASSWORD', 'suxer');
define('DB_NAME', 'sql_injections');
$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
mysqli_set_charset($link, "utf8");
if($link === false){
echo(mysqli_connect_error());
die("ERROR: Could not connect. " . mysqli_connect_error());
}
//connect db
include "inc/connect.php";
//safe query
$search = mysqli_real_escape_string($link, $_POST['search']);
//Database search
$sql = "SELECT * FROM users WHERE username='$search'";
$result = mysqli_query($link, $sql);
}
?>
<!DOCTYPE html>
<html>
