对sql注入和web安全有些陌生。我看了很多关于这个主题的帖子,但都找不出答案。我试图打破下面的过滤器注入一个sql命令(为了登录一个已知的用户名,没有密码)。。。
$filtered = $string;
$filtered_string = str_replace("admin'","",$filtered_string);
$filtered_string = str_replace("or","",$filtered_string);
$filtered_string = str_replace("collate","",$filtered_string);
$filtered_string = str_replace("drop","",$filtered_string);
$filtered_string = str_replace("and","",$filtered_string);
$filtered_string = str_replace("OR","",$filtered_string);
$filtered_string = str_replace("COLLATE","",$filtered_string);
$filtered_string = str_replace("DROP","",$filtered_string);
$filtered_string = str_replace("AND","",$filtered_string);
$filtered_string = str_replace("union","",$filtered_string);
$filtered_string = str_replace("UNION","",$filtered_string);
$filtered_string = str_replace("/*","",$filtered_string);
$filtered_string = str_replace("*/","",$filtered_string);
$filtered_string = str_replace("//","",$filtered_string);
$filtered_string = str_replace("#","",$filtered_string);
$filtered_string = str_replace("--","",$filtered_string);
$filtered_string = str_replace(";","",$filtered_string);
$filtered_string = str_replace("||","",$filtered_string);
我应该补充一点,这是一个基于php的网站-一个测试环境,正如alejandro指出的,确实值得被黑客攻击-我只是不知道怎么做
暂无答案!
目前还没有任何答案,快来回答吧!