
Sqli-LABS Walkthrough Notes 18: Auditing SQL Injection 2

 

<?php
//including the Mysql connect parameters.
include("../sql-connections/sql-connect.php");
error_reporting(0);

function check_input($value)
    {
    if(!empty($value))
        {
        // truncation (see comments)
        $value = substr($value,0,20);
        }

        // Stripslashes if magic quotes enabled
        if (get_magic_quotes_gpc())
            {
            $value = stripslashes($value);
            }

        // Quote if not a number
        if (!ctype_digit($value))
            {
            $value = "'" . mysql_real_escape_string($value) . "'";
            }

    else
        {
        $value = intval($value);
        }
    return $value;
    }



    $uagent = $_SERVER['HTTP_USER_AGENT'];   # $_SERVER['HTTP_USER_AGENT'] is the content of the current request's User-Agent: header. More on $_SERVER: http://www.cnblogs.com/xishaonian/p/6160893.html
    $IP = $_SERVER['REMOTE_ADDR']; # the current user's IP
    echo "<br>";
    echo 'Your IP ADDRESS is: ' .$IP;
    echo "<br>";
    //echo 'Your User Agent is: ' .$uagent;
// take the variables
if(isset($_POST['uname']) && isset($_POST['passwd'])) # check whether uname and passwd were submitted

    {
    $uname = check_input($_POST['uname']);  # filter the submitted uname with check_input
    $passwd = check_input($_POST['passwd']); # filter the submitted passwd with check_input


    echo 'Your Your User name:'. $uname;
    echo "<br>";
    echo 'Your Password:'. $passwd;
    echo "<br>";
    echo 'Your User Agent String:'. $uagent;
    echo "<br>";
    echo 'Your User Agent String:'. $IP;


    //logging the connection parameters to a file for analysis.
    $fp=fopen('result.txt','a');
    fwrite($fp,'User Agent:'.$uname."\n");

    fclose($fp);



    $sql="SELECT  users.username, users.password FROM users WHERE users.username=$uname and users.password=$passwd ORDER BY users.id DESC LIMIT 0,1";
    $result1 = mysql_query($sql);  # run the SQL statement in $sql; mysql_query executes a MySQL query
    $row1 = mysql_fetch_array($result1);
        if($row1)     # if $row1 is truthy
            {
            echo '<font color= "#FFFF00" font size = 3 >';
            // $uagent and $IP are interpolated as-is; only $uname went through check_input()
            $insert="INSERT INTO `security`.`uagents` (`uagent`, `ip_address`, `username`) VALUES ('$uagent', '$IP', $uname)";
            mysql_query($insert);
            //echo 'Your IP ADDRESS is: ' .$IP;
            echo "</font>";
            //echo "<br>";
            echo '<font color= "#0000ff" font size = 3 >';
            echo 'Your User Agent is: ' .$uagent;
            echo "</font>";
            echo "<br>";
            print_r(mysql_error());
            echo "<br><br>";
            echo '<img src="../images/flag.jpg"  />';
            echo "<br>";

            }
        else
            {
            echo '<font color= "#0000ff" font size="3">';
            //echo "Try again looser";
            print_r(mysql_error());
            echo "</br>";
            echo "</br>";
            echo '<img src="../images/slap.jpg"   />';
            echo "</font>";
            }

    }

?>
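The listing escapes uname and passwd but writes the User-Agent header into the uagents INSERT untouched. As an added example (not part of the lab or the original post), the same INSERT with bound parameters next to the string-built form. Assumptions: PDO with in-memory SQLite stands in for the lab's MySQL `security` database, the 256-character limit is chosen here, and the header, IP and username values are constructed samples.

```php
<?php
// Added example, not the lab's code. Assumes the pdo_sqlite extension is available.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE uagents (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        uagent TEXT, ip_address TEXT, username TEXT)');
    return $db;
}

// Header values are length-limited and bound as data; they never become SQL text.
function log_uagent(PDO $db, string $uagent, string $ip, string $uname): void
{
    $stmt = $db->prepare(
        'INSERT INTO uagents (uagent, ip_address, username) VALUES (:ua, :ip, :name)');
    $stmt->execute([
        ':ua'   => substr($uagent, 0, 256),   // assumed limit for this example
        ':ip'   => $ip,
        ':name' => $uname,
    ]);
}

// Same pattern as the lab: the raw header is interpolated into the statement text.
function build_lab_insert(string $uagent, string $ip, string $uname): string
{
    return "INSERT INTO uagents (uagent, ip_address, username) VALUES ('$uagent', '$ip', '$uname')";
}

$db = open_demo_db();
// Constructed sample header: a plain apostrophe is enough to break the quoting.
$ua = "Mozilla/5.0 (O'Neil build)";

try {
    $db->exec(build_lab_insert($ua, '192.0.2.10', 'Dumb'));
    echo "concatenated INSERT: ok\n";
} catch (PDOException $e) {
    echo "concatenated INSERT: statement text was changed by the header\n";
}

log_uagent($db, $ua, '192.0.2.10', 'Dumb');
$stored = $db->query('SELECT uagent FROM uagents')->fetchColumn();
echo "bound INSERT stored: ", $stored, "\n";
echo $stored === $ua ? "header kept as data\n" : "mismatch\n";
```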

 

 

I'll continue writing tomorrow. The network is about to be cut off.

 
