MySQL注入

本文介绍了MySQL注入-使用SELECT查询进行更新/删除的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我有一个简单的问题:假设有一个网站查询如下:

I've got one easy question: say there is a site with a query like:

SELECT id, name, message FROM messages WHERE id = $_GET['q'].

是否有任何方法可以在数据库(MySQL)中更新/删除某些内容?到目前为止，我还从未见过能够使用 SELECT查询进行删除/更新的注入，所以，甚至有可能吗?

Is there any way to get something updated/deleted in the database (MySQL)? Until now I've never seen an injection that was able to delete/update using a SELECT query, so, is it even possible?

推荐答案

如果说使用的mysql_query不支持多个查询，则不能直接添加DELETE/UPDATE/INSERT，但是在某些情况下可以修改数据.例如，假设您具有以下功能

If you say you use mysql_query that doesn't support multiple queries, you cannot directly add DELETE/UPDATE/INSERT, but it's possible to modify data under some circumstances. For example, let's say you have the following function

DELIMITER // CREATE DEFINER=`root`@`localhost` FUNCTION `testP`() RETURNS int(11) LANGUAGE SQL NOT DETERMINISTIC MODIFIES SQL DATA SQL SECURITY DEFINER COMMENT '' BEGIN DELETE FROM test2; return 1; END //

现在您可以在SELECT中调用此函数: SELECT id, name, message FROM messages WHERE id = NULL OR testP() (id = NULL-始终为NULL(FALSE)，因此testP()总是被执行.

Now you can call this function in SELECT : SELECT id, name, message FROM messages WHERE id = NULL OR testP() (id = NULL - always NULL(FALSE), so testP() always gets executed.