PHP injection intrusion example
  Add date: 07/12/2008   Publishing date: 07/12/2008   Hits: 12
Today I want to walk everyone through an unusually impressive ("NB") intrusion process. I think it is brilliant and that it contains a great many knowledge points. Friends who do not understand PHP at all can follow along just the same, apply the techniques in it to similar websites, and obtain very good results.

    SQL injection vulnerabilities are now being uncovered everywhere, and outstanding tools have been developed for them, for example NBSI and CASI. This is good for newcomers like us, because it spares us from guessing everything by hand, bit by bit, and greatly raises the success rate of an intrusion. Enough idle talk; let us go straight into the article and begin the journey. I believe you will certainly find something here that belongs to you.

One. Elementary knowledge

    First, let me explain the basic principle by which a PHP vulnerability forms. Many people think that injecting into PHP+MySQL must use single quotes, or that there is no way, as there is in MSSQL, to use a command such as "declare @a sysname select @a= exec master.dbo.xp_cmdshell @a" to get rid of the quotation marks. In fact this is a common misunderstanding of injection.

    Why? Because in any language, everything inside quotation marks (single or double) is a string constant. Even a command such as dir is just a string there and cannot be executed as a command, unless the code is written like this:

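$command = "dir c:\\";   // a string constant that holds the command text

system($command);        // only this call executes the string as a command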

    Otherwise it is merely a string. Of course, by "command" we do not mean only system commands; here we mean SQL statements. For the SQL statement we construct to execute normally, it must not be turned into a string. So in what situation are single quotes used, and when are they not? Look at the following two SQL statements:

① SELECT * FROM article WHERE articleid='$id'

② SELECT * FROM article WHERE articleid=$id

    Both ways of writing are very common in all kinds of programs, but their security is different. The first places the variable $id inside a pair of single quotes, so the value we submit becomes a string; even if it contains a correct SQL statement, it will not execute normally. The second is different: because the variable is not enclosed in single quotes, then for anything we submit, so long as it contains a space, whatever follows that space is executed as part of the SQL statement. Below we submit two malformed statements that inject successfully, one against each of the two statements, and look at the difference.
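
The difference between the two statements above, as an added example that is not part of the original article: it runs both forms, and a parameter-bound form, against the same input. The table contents, the function names and the use of in-memory SQLite through PDO in place of MySQL are assumptions made for the demonstration.

```php
<?php
// Added illustration, not the article's code. Table contents are constructed,
// and in-memory SQLite (via PDO) stands in for MySQL so the script runs offline.
function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE article (articleid INTEGER, title TEXT)");
    $pdo->exec("CREATE TABLE user (userid INTEGER, username TEXT)");
    $pdo->exec("INSERT INTO article VALUES (1, 'constructed article title')");
    $pdo->exec("INSERT INTO user VALUES (1, 'constructed-user')");
    return $pdo;
}

// Statement 2 from the article: $id is pasted in with no quotes, so everything
// after the first space in $id is parsed as SQL syntax.
function unquotedLookup(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM article WHERE articleid=$id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Statement 1: $id sits between single quotes, so this input stays one string
// literal. That holds only while $id contains no quote; nothing here escapes it.
function quotedLookup(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM article WHERE articleid='$id'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened form: reject anything that is not a plain decimal id, then bind it
// as a parameter so the value never becomes part of the SQL text.
function boundLookup(PDO $pdo, string $id): array
{
    if (!ctype_digit($id)) {
        return [];
    }
    $stmt = $pdo->prepare("SELECT * FROM article WHERE articleid = ?");
    $stmt->execute([(int) $id]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

$pdo = demoDb();
// The article's value for $id. Its trailing "/*" is left off: it only serves to
// neutralise text that follows $id, and in statement 2 nothing follows it.
$input = "1 and 1=2 union select * from user where userid=1";
foreach (['unquotedLookup', 'quotedLookup', 'boundLookup'] as $fn) {
    echo str_pad($fn, 16), json_encode($fn($pdo, $input)), PHP_EOL;
}
echo str_pad('boundLookup(1)', 16), json_encode(boundLookup($pdo, '1')), PHP_EOL;
```

Rows that come back from the user table instead of the article table show which form let the input change the query; the bound form returns article rows only for a numeric id.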

① Set the variable $id to:

1 and 1=2 union select * from user where userid=1/*

The entire SQL statement then becomes:
