Php注入点构造代码

2015-01-24信息快讯网

php注入代码,方便注入测试

把下面保存成 Test.asp 

<?  
 $mysql_server_name = "localhost";  
    $mysql_username    = "root";  
    $mysql_password    = "password";  
    $mysql_database    = "phpzr";    //??ݿ??  
    $conn=mysql_connect( $mysql_server_name, $mysql_username, $mysql_password );  
    mysql_select_db($mysql_database,$conn);  
$id=$_GET['id'];  
    $sql = "select username,password from admin where id=$id";  
    $result=mysql_db_query( $mysql_database, $sql,$conn );      
    $row=mysql_fetch_row($result);  
?>  
<html>  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">  
<title>Php Sql Injection Test </title>  
</head>  
<body>  
<p align="center"><b><font color="#FF0000" size="5" face="华文行楷"> </font><font color="#FF0000" size="5" face="华文新魏">PHP   
注入测试专用</font></b></p>  
<table width="100%" height="25%" border="1" align="center" cellpadding="0" cellspacing="0">  
<tr>  
<td><?=$row[0]?></td>  
</tr>  
<tr>  
<td><?=$row[1]?></td>  
</tr>  
</table>  
<p><u><font color="#0000FF">BY:孤狐浪子 QQ:393214425 </font></u></p>  
<p><font color="#0000FF">Blog: Http://itpro.blog.163.com</font></p>  
<p> </p>  
</body>  
</html>

创建数据库代码:保存成test.sql 使用phpmyadmin执行就ok了 

CREATE DATABASE `phpzr` ; //创建数据库名称  


CREATE TABLE admin (  
  id int(10) unsigned NOT NULL auto_increment,  
  username char(10) NOT NULL default '',  
  password char(10) NOT NULL default '',  
  useremail char(20) NOT NULL default '',  
  groupid int(11) NOT NULL default '0',  
  PRIMARY KEY  (id)  
) TYPE=MyISAM;  

   

INSERT INTO admin VALUES (1, 'admin', 'itpro.blog.163.com','[email protected]', 1);  
INSERT INTO admin VALUES (2, 'admin1', 'itpro.blog.163.com','[email protected]', 2);  
INSERT INTO admin VALUES (3, 'admin2', 'itpro.blog.163.com','[email protected]', 3);  
INSERT INTO admin VALUES (4, 'admin3', 'itpro.blog.163.com','[email protected]', 4);  
INSERT INTO admin VALUES (5, 'admin4', 'itpro.blog.163.com','[email protected]', 5);  

CREATE TABLE admin1 (  
  id int(10) unsigned NOT NULL auto_increment,  
  username char(10) NOT NULL default '',  
  password char(10) NOT NULL default '',  
  useremail char(20) NOT NULL default '',  
  groupid int(11) NOT NULL default '0',  
  PRIMARY KEY  (id)  
) TYPE=MyISAM;  

   

INSERT INTO admin1 VALUES (1, 'admin', 'itpro.blog.163.com','[email protected]', 1);  
INSERT INTO admin1 VALUES (2, 'admin1', 'itpro.blog.163.com','[email protected]', 2);  
INSERT INTO admin1 VALUES (3, 'admin2', 'itpro.blog.163.com','[email protected]', 3);  
INSERT INTO admin1 VALUES (4, 'admin3', 'itpro.blog.163.com','[email protected]', 4);  
INSERT INTO admin1 VALUES (5, 'admin4', 'itpro.blog.163.com','[email protected]', 5);
PHP 文件缓存的性能测试
PHP 中文处理技巧
PHP 网络开发详解之远程文件包含漏洞
php快速url重写更新版[需php 5.30以上]
PHP CURL模拟GET及POST函数代码
PHP中防止SQL注入攻击和XSS攻击的两个简单方法
通俗易懂的php防注入代码
PHP+MySQL 手工注入语句大全 推荐
防止MySQL注入或HTML表单滥用的PHP程序
高级php注入方法集锦第1/2页
坏狼的PHP学习教程之第1天
介绍php设计模式中的工厂模式
php mysql索引问题
PHP中MD5函数使用实例代码
PHP时间戳使用实例代码
PHP-MySQL教程归纳总结
php xfocus防注入资料
php SQL防注入代码集合
PHP防注入安全代码
PHP与SQL注入攻击[三]
PHP与SQL注入攻击[二]
©2014-2024 dbsqp.com