2025-02-23 Update From: SLTechnology News&Howtos (shulou), Database
Shulou(Shulou.com)06/01 Report--
MySQL SQL injection of Python full Stack Road Series
SQL injection is a code injection technique used against data-driven applications: malicious SQL is entered into input fields so that it becomes part of the statement the database executes.
A successful SQL injection depends on a security flaw in the application, typically user input that is not properly filtered (for certain strings) or not checked for type, so that the input changes the SQL statement and it executes in an unintended way.
SQL injection is most often seen in websites, but it applies to any application that builds SQL for any SQL database.
Implementation of SQL injection
Create a SQLdb database
CREATE DATABASE SQLdb;
Create a user_info table
CREATE TABLE `user_info` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(32) DEFAULT NULL,
  `password` varchar(32) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Insert a row of user data
The test user name is ansheng and the password is as
INSERT INTO user_info (username, password) VALUES ("ansheng", "as");
Python code
app.py file
#!/usr/bin/env python
# -*- coding:utf-8 -*-
import tornado.ioloop
import tornado.web
import pymysql


class LoginHandler(tornado.web.RequestHandler):
    def get(self, *args, **kwargs):
        self.render('login.html')

    def post(self, *args, **kwargs):
        username = self.get_argument('username', None)
        pwd = self.get_argument('pwd', None)
        conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='as', db='sqldb')
        cursor = conn.cursor()
        # Vulnerable on purpose: the user's input is formatted straight into the SQL text
        temp = "select username from user_info where username='%s' and password='%s'" % (username, pwd)
        effect_row = cursor.execute(temp)
        result = cursor.fetchone()
        conn.commit()
        cursor.close()
        conn.close()
        if result:
            self.write('login successful')
        else:
            self.write('login failed')


application = tornado.web.Application([
    (r"/login", LoginHandler),
])

if __name__ == "__main__":
    application.listen(8888)
    tornado.ioloop.IOLoop.instance().start()
HTML code
The login.html file sits in the same directory as app.py; its form posts the username and pwd fields to /login, which is what the handler reads.
Demonstration effect
Open the browser and enter the address http://127.0.0.1:8888/login
Fill in the form as follows:
User name: asas' or 1=1-- asd
Password: fill in a random string of letters
As shown in the figure:
Will you land on the login success page when you click submit? If your code is the same as mine, you will see "login successful".
Why is this a problem?
The root cause is that the SQL statement is assembled by string formatting, so whatever the user types becomes part of the SQL text itself.
SQL statement splicing code
temp = "select username from user_info where username='%s' and password='%s'" % (username, pwd,)
This is the result of a normal SQL splicing:
select username from user_info where username='ansheng' and password='as'
This is the result of an abnormal SQL splicing:
select username from user_info where username='asas' or 1=1-- asd' and password='s'
Can you see the trick? The single quote closes the username literal early, "or 1=1" makes the WHERE clause true for every row, and "-- " starts a SQL comment, so the rest of the statement (including the password check) is ignored. The query returns the first user and the login succeeds without a valid password.
How to prevent it?
SQL is executed through Python's pymysql module. When the values are passed to cursor.execute() as a separate parameter tuple instead of being formatted into the string, pymysql escapes them (special characters such as the single quotation mark included) before substituting them into the statement, so the input is treated as data rather than as SQL and the problem above cannot occur.
effect_row = cursor.execute("select username from user_info where username=%s and password=%s", (username, pwd))
Note that the %s placeholders are written without surrounding quotes: pymysql adds the quoting itself when it escapes a string parameter.
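As an added example (not code from the original post), here is a self-contained script that reproduces both behaviours discussed above side by side: the string-formatted query from app.py, and the parameterized form recommended as the fix. It uses the standard-library sqlite3 module in place of MySQL/pymysql so that it runs offline; the table and its single row are a constructed stand-in for user_info, and sqlite3 uses "?" placeholders where pymysql uses %s.

```python
import sqlite3

# Constructed sample data standing in for the page's user_info table.
SAMPLE_USERS = [("ansheng", "as")]

# The value typed into the username field in the walkthrough above.
INJECTED_USERNAME = "asas' or 1=1-- asd"


def make_db():
    """Build an in-memory SQLite stand-in for the MySQL user_info table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_info ("
        "id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO user_info (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_concat(conn, username, pwd):
    """Vulnerable: the same string formatting as app.py. The user's input is
    pasted into the SQL text, so quotes and comment markers alter the query."""
    sql = ("select username from user_info where username='%s' and password='%s'"
           % (username, pwd))
    return conn.execute(sql).fetchone()


def login_param(conn, username, pwd):
    """Hardened: the driver binds the values, so input stays data, never SQL.
    sqlite3 uses '?' placeholders; pymysql uses unquoted %s the same way."""
    sql = "select username from user_info where username=? and password=?"
    return conn.execute(sql, (username, pwd)).fetchone()


def run_demo():
    """Return the row each login attempt finds (None means 'login failed')."""
    conn = make_db()
    results = {
        "valid/concat": login_concat(conn, "ansheng", "as"),
        "valid/param": login_param(conn, "ansheng", "as"),
        "injected/concat": login_concat(conn, INJECTED_USERNAME, "anything"),
        "injected/param": login_param(conn, INJECTED_USERNAME, "anything"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for label, row in run_demo().items():
        print("%-16s -> %s" % (label, "login successful" if row else "login failed"))
```

Running it shows the concatenated query accepting the injected username with a wrong password, while the parameterized query only succeeds for the real credentials: the injected text is compared literally against the username column and matches nothing.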