PHP multi_query 页面呈现失败
PHP multi_query page render fails
早上好,
我 并得到了帮助,不幸的是,我的应用程序仍然没有 100% 做我想让它做的事情,尽管只缺少一个小细节。
假设我想进行 SQL 注入以删除数据库,当它发生时,呈现 PHP 页面。一切正常,直到我希望渲染发生 - 即使注入执行并且当我检查它时数据库被删除 MySQL,仍然没有渲染。问题可能是由于 multi_query 的使用不正确造成的。代码中的注释中有更多详细信息。
<?php
include("/../../connection.php");
if(isset($_POST["button_one"])){
$username = $_POST['username'];
$password = $_POST['password'];
if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // IF THE USER HAS A VALID USERNAME OR PASSWORD,
{
do {
if ($result = $conn->store_result()) {
while ($row = $result->fetch_row()) { // THEN ENABLE BUTTON TWO, WHICH HAS TO BE CLICKED TO DROP THE DATABASE
echo "
<script type=\"text/javascript\">
document.getElementById('button_two').disabled=false;
</script>
";
}
$result->free();
}
} while ($conn->next_result());
}
}
if(isset($_POST["button_two"])){
$username = $_POST['username']; // SQL INJECTION TO DROP THE DB HAPPENS HERE
$password = $_POST['password'];
if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // SQL INJECTION SUCCEEDED
{
do {
if ($result = $conn->store_result()) {
while ($row = $result->fetch_row()) {
if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) { // NO MORE DATABASE LIKE THAT, IT HAS BEEN DROPPED DUE TO THE INJECTION
if($result->num_rows == 0) {
include("another.php"); // THE PROBLEM IS HERE. EVEN THOUGH THE DB IS DROPPED, THIS PAGE IS NOT RENDERING
}
}
}
$result->free();
}
} while ($conn->next_result());
}
}
?>
如有任何有用的想法,我们将不胜感激!
要包含 another.php
的代码块永远不会 运行s,因为 SHOW DATABASES 查询失败。
我测试了你的代码并添加了一些错误报告:
if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) {
if($result->num_rows == 0) {
include("another.php");
}
} else {
echo "Error: {$conn->error}\n";
}
我知道了:
Error: Commands out of sync; you can't run this command now
您不能 运行 另一个 SQL 查询,而您已经执行的查询仍然有结果要获取。即使您使用 store_result()
来获取结果集,也只会获取当前结果集。您使用了 mulit_query()
来生成多个结果集。您必须处理所有结果集,直到 next_result()
循环结束,然后才能开始新查询。
这里的另一个教训是,在尝试 query()
或 multi_query()
或 prepare()
或execute()
.
这是一个示例:您必须等到最后一个结果处理完毕后才能 运行 另一个查询。这意味着 在 上 $conn->next_result()
上的循环完成。
if(isset($_POST["button_two"])){
$username = $_POST['username'];
$password = $_POST['password'];
if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'"))
{
do {
if ($result = $conn->store_result()) {
while ($row = $result->fetch_row()) {
// DISPLAY RESULTS FROM QUERY
}
}
$result->free();
} while ($conn->next_result());
// CAN'T START ANOTHER QUERY UNTIL AFTER THE NEXT_RESULT LOOP IS DONE
if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) {
if($result->num_rows == 0) {
include("another.php");
}
}
}
早上好,
我
假设我想进行 SQL 注入以删除数据库,当它发生时,呈现 PHP 页面。一切正常,直到我希望渲染发生 - 即使注入执行并且当我检查它时数据库被删除 MySQL,仍然没有渲染。问题可能是由于 multi_query 的使用不正确造成的。代码中的注释中有更多详细信息。
<?php
include("/../../connection.php");
if(isset($_POST["button_one"])){
$username = $_POST['username'];
$password = $_POST['password'];
if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // IF THE USER HAS A VALID USERNAME OR PASSWORD,
{
do {
if ($result = $conn->store_result()) {
while ($row = $result->fetch_row()) { // THEN ENABLE BUTTON TWO, WHICH HAS TO BE CLICKED TO DROP THE DATABASE
echo "
<script type=\"text/javascript\">
document.getElementById('button_two').disabled=false;
</script>
";
}
$result->free();
}
} while ($conn->next_result());
}
}
if(isset($_POST["button_two"])){
$username = $_POST['username']; // SQL INJECTION TO DROP THE DB HAPPENS HERE
$password = $_POST['password'];
if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // SQL INJECTION SUCCEEDED
{
do {
if ($result = $conn->store_result()) {
while ($row = $result->fetch_row()) {
if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) { // NO MORE DATABASE LIKE THAT, IT HAS BEEN DROPPED DUE TO THE INJECTION
if($result->num_rows == 0) {
include("another.php"); // THE PROBLEM IS HERE. EVEN THOUGH THE DB IS DROPPED, THIS PAGE IS NOT RENDERING
}
}
}
$result->free();
}
} while ($conn->next_result());
}
}
?>
如有任何有用的想法,我们将不胜感激!
要包含 another.php
的代码块永远不会 运行s,因为 SHOW DATABASES 查询失败。
我测试了你的代码并添加了一些错误报告:
if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) {
if($result->num_rows == 0) {
include("another.php");
}
} else {
echo "Error: {$conn->error}\n";
}
我知道了:
Error: Commands out of sync; you can't run this command now
您不能 运行 另一个 SQL 查询,而您已经执行的查询仍然有结果要获取。即使您使用 store_result()
来获取结果集,也只会获取当前结果集。您使用了 mulit_query()
来生成多个结果集。您必须处理所有结果集,直到 next_result()
循环结束,然后才能开始新查询。
这里的另一个教训是,在尝试 query()
或 multi_query()
或 prepare()
或execute()
.
这是一个示例:您必须等到最后一个结果处理完毕后才能 运行 另一个查询。这意味着 在 上 $conn->next_result()
上的循环完成。
if(isset($_POST["button_two"])){
$username = $_POST['username'];
$password = $_POST['password'];
if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'"))
{
do {
if ($result = $conn->store_result()) {
while ($row = $result->fetch_row()) {
// DISPLAY RESULTS FROM QUERY
}
}
$result->free();
} while ($conn->next_result());
// CAN'T START ANOTHER QUERY UNTIL AFTER THE NEXT_RESULT LOOP IS DONE
if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) {
if($result->num_rows == 0) {
include("another.php");
}
}
}