http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=31728
I'm experimenting with SQL injection on my own server, please help ㅠㅠ
http://localhost/test/inject.php?id=1%27;%20select%20@@version--
The above is the attack code. Is there something wrong with the code?
<?php
// Test page (inject.php): deliberately vulnerable lookup kept as posted.
mysql_connect("localhost", "benkim", "123");
mysql_select_db("facebook");
$id = $_GET['id'];
// The user-controlled value is placed directly into the SQL string;
// this string concatenation is the injection point being tested.
$query = mysql_query("select * from usr_info where id='$id'") or die(mysql_error());
$name = mysql_fetch_array($query);
// Only the first row's f_name is ever shown on the page.
echo "Name:" . $name['f_name'];
?>
The above is the source code.
Hit : 7390 Date : 2014/04/23 12:18
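As an added example that is not part of the original post: the same id lookup rewritten with mysqli and a prepared statement, which is the standard fix for the string-concatenated query above. Two caveats worth knowing when reading the post: mysql_query() sends exactly one statement, so the ';'-separated payload fails for that reason rather than because the query is safe, and the mysql_* extension itself was removed in PHP 7. Host, user, password, database and table names are the post's own test values; the input list at the bottom is constructed.

```php
<?php
// Added example, not code from the original post. Assumes the same test
// database (localhost / benkim / 123 / facebook, table usr_info) as the post.
declare(strict_types=1);

// Turn mysqli errors into exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function lookupFirstName(mysqli $db, string $id): ?string
{
    // The user-controlled value never becomes part of the SQL text. It is sent
    // separately as a bound parameter, so quotes, ';' and '--' inside it are
    // merely characters of the value being compared against the id column.
    $stmt = $db->prepare('SELECT f_name FROM usr_info WHERE id = ?');
    $stmt->bind_param('s', $id);
    $stmt->execute();
    $stmt->bind_result($firstName);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? (string) $firstName : null;
}

$db = new mysqli('localhost', 'benkim', '123', 'facebook');
$db->set_charset('utf8mb4');

// Constructed inputs: an ordinary id and the exact payload from the post.
$inputs = ['1', "1'; select @@version--"];
foreach ($inputs as $id) {
    $name = lookupFirstName($db, $id);
    // Escape DB-sourced data before echoing it into HTML as well.
    echo 'id=' . htmlspecialchars($id, ENT_QUOTES, 'UTF-8') . ' -> Name: '
        . ($name === null ? '(no such user)' : htmlspecialchars($name, ENT_QUOTES, 'UTF-8'))
        . "\n";
}
```

With the prepared statement the second input is looked up literally as the id string "1'; select @@version--", matches no row, and prints "(no such user)"; the version query is never parsed as SQL.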