hunt.database.Statement存在识别参数错误和SQL注入风险

Open zhkkjun opened this issue 5 years ago • 1 comments

é®é¢æ¹æ³ï¼private string sql(SqlConnection conn)

éç°ä»£ç ï¼ auto db = new Database("mysql://root:root@localhost:3306/asp?charset=utf8mb4"); auto conn = db.getConnection(); Statement stmt = db.prepare(conn, "SELECT * FROM sys_user where Name = :username "); //ä¸é¢ä¸è¡ä¼åçéè¯¯:usernameåç¼ºå°ç©ºæ ¼ä¼å¯¼è´åæ°æ æ³è¢«æ¿æ¢å¯¼è´SQLéè¯¯ //Statement stmt = db.prepare(conn, "SELECT * FROM sys_user where Name = :username"); // è¿éå¯ä»¥ç´æ¥æ³¨å¥æåï¼è¯´æåç¬¦ä¸²æ¯ç´æ¥æ¼æ¥ç stmt.setParameter("username", "' OR ''='"); RowSet rs = stmt.query(); foreach (row; rs) { writeln(row["Name"]); } conn.close(); db.close(); readln();

ç»æï¼è¾åºäºæææ°æ®

Sep 28 '20 08:09 zhkkjun

We will do more tests about this. Thanks.

Oct 02 '20 02:10 Heromyth