SQL注入绕过mysql_real_escape_string()

允我心安 提交于 2020-08-17 08:25:44

问题:

Is there an SQL injection possibility even when using mysql_real_escape_string() function? 即使使用mysql_real_escape_string()函数,也有可能进行SQL注入吗?

Consider this sample situation. 考虑此示例情况。 SQL is constructed in PHP like this: SQL是用PHP构造的,如下所示:

$login = mysql_real_escape_string(GetFromPost('login'));
$password = mysql_real_escape_string(GetFromPost('password'));

$sql = "SELECT * FROM table WHERE login='$login' AND password='$password'";

I have heard numerous people say to me that code like that is still dangerous and possible to hack even with mysql_real_escape_string() function used. 我听过很多人对我说,即使使用mysql_real_escape_string()函数,这样的代码仍然很危险,甚至有可能被破解。 But I cannot think of any possible exploit? 但是我想不出任何可能的利用方式?

Classic injections like this: 像这样的经典注射:

aaa' OR 1=1 --

do not work. 不工作。

Do you know of any possible injection that would get through the PHP code above? 您是否知道上面的PHP代码会进行任何可能的注入?


解决方案:

参考一: https://stackoom.com/question/O5Xn/SQL注入绕过mysql-real-escape-string
参考二: https://oldbug.net/q/O5Xn/SQL-injection-that-gets-around-mysql-real-escape-string
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!