Shulou(Shulou.com)06/01 Report--

What is the constraint-based attack? I believe many inexperienced people are at a loss about it. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

First, the principle of sql attack based on constraints.

1. The name of the new table is user, and the length of the name and password cannot exceed 10.

Create table user (id int primary key auto_increment,//id field, int type, keyword, automatically add name varchar (10) not null,//name field, string, empty pass varchar (10) not null) / / year field, int type, not allowed to be empty

2. Insert two pieces of normal data

Insert into user (name,pass) values ("aiyou", 123456); insert into user (name,pass) values ("admin", 123456)

3. Insert a user name with a length greater than 10

Insert into user (name,pass) values ("admin123456789", 123456)

4. Looking at the inserted data, it is found that only ten characters are retained.

5. Insert a user name with spaces and find that it is the same as the admin without spaces.

II. Case study

1. Visit http://192.168.0.104/aiyou/php/zc.html, prompt for user name and password, enter and click submit to indicate that user name already exists

2. Try to fill in the blanks with a password of 123321

3. View the database and insert the administrator account successfully

III. Source code

Html page:

User name: password: confirm password:

PHP page:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.