我有一个简单的问题:假设有一个网站查询如下:
I've got one easy question: say there is a site with a query like:
SELECT id, name, message FROM messages WHERE id = $_GET['q'].
是否有任何方法可以在数据库(MySQL)中更新/删除某些内容?到目前为止,我还从未见过能够使用 SELECT查询进行删除/更新的注入,所以,甚至有可能吗?
Is there any way to get something updated/deleted in the database (MySQL)? Until now I've never seen an injection that was able to delete/update using a SELECT query, so, is it even possible?
推荐答案如果说使用的mysql_query不支持多个查询,则不能直接添加DELETE/UPDATE/INSERT,但是在某些情况下可以修改数据.例如,假设您具有以下功能
If you say you use mysql_query that doesn't support multiple queries, you cannot directly add DELETE/UPDATE/INSERT, but it's possible to modify data under some circumstances. For example, let's say you have the following function
DELIMITER // CREATE DEFINER=`root`@`localhost` FUNCTION `testP`() RETURNS int(11) LANGUAGE SQL NOT DETERMINISTIC MODIFIES SQL DATA SQL SECURITY DEFINER COMMENT '' BEGIN DELETE FROM test2; return 1; END //现在您可以在SELECT中调用此函数: SELECT id, name, message FROM messages WHERE id = NULL OR testP() (id = NULL-始终为NULL(FALSE),因此testP()总是被执行.
Now you can call this function in SELECT : SELECT id, name, message FROM messages WHERE id = NULL OR testP() (id = NULL - always NULL(FALSE), so testP() always gets executed.
更多推荐
MySQL注入
发布评论