一、SQL注入漏洞
1、工具安装
phpstudy与DVWA安装配置(默认用户名:admin,默认密码:password)
(1)软件安装教程:
https://datutu.blog.csdn.net/article/details/109323067?spm=1001.2101.3001.6650.1&utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7ECTRLIST%7ERate-1.pc_relevant_paycolumn_v3&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7ECTRLIST%7ERate-1.pc_relevant_paycolumn_v3&utm_relevant_index=2(2)配置解决方案:
https://blog.csdn.net/qq_36415152/article/details/96297575?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522164595071316780261957793%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fall.%2522%257D&request_id=164595071316780261957793&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~all~first_rank_ecpm_v1~rank_v31_ecpm-1-96297575.pc_search_result_cache&utm_term=PHP+function+allow_url_include%3A+Disabled&spm=1018.2226.3001.4187
2、工具启动
第一步:启动phpstudy
第二步:访问
http://127.0.0.1/DVWA-master/login.php? (1)Username: admin password: password
? (2)设置DVWA安全等级:DVWA Security
? (3)利用SQL Injection进行SQL注入
3、SQLmap的使用
(1)SQLmap的启动:
第一步:使用cmd启动sqlmap.py,
python sqlmap.py
(2)SQLmap的使用:
4、SQL注入完全防御:(面试题)
使用PDO(PHP Data Objects),配合正确的过滤和SQL语句!便可防御。