web安全之PHP积累

1、SQL注入

";
	echo "Hero Name : ".$row['Name']."
"; echo "Hero Sex : ".$row['Sex']."
"; } } else{ echo "None"; } mysql_close($conn); ?>

2、MySQL报错注入

alert('login successful!');";
        }
    } else {
        die("Operation error: " . mysql_error());
    }
}

mysql_close();
?>




    Login




3、文件包含

4、文件上传

  

 
   
 
   
 
   
 
       
 
       
 
     文件上传--MIME验证实例  
 
   
 
 

文件上传--MIME验证实例

请选择要上传的文件:

5、XXE

";

// XXE sample: the "x" query parameter decides which document gets parsed.
// simplexml_load_file() takes a path or URL, so the caller picks the local
// file or remote address the server reads, before entities are even involved.
// Whether external entities are expanded depends on the libxml2 build and the
// flags passed. No flags are passed here; LIBXML_NOENT and LIBXML_DTDLOAD are
// the ones that must never be used on untrusted XML. On old builds the guard
// was libxml_disable_entity_loader(true), which is deprecated since PHP 8.0.
// var_dump() sends the parsed tree back to the client, so anything the parser
// read is disclosed in the response.
// Mitigation: do not take the document location from the request. Parse only
// documents from a fixed, trusted location and keep entity loading disabled.
var_dump(simplexml_load_file($_GET['x']));
?>

6、代码执行

";

// Sample for the code-execution section. As written, the statement only copies
// the "x" query parameter into the response without encoding it. That is a
// reflected-XSS sink; nothing here evaluates the value as PHP.
// NOTE(review): the heading is about code execution, so the original sample
// presumably used a dynamic-evaluation construct such as eval() on the request
// value. Confirm against the source article.
// Mitigation: encode for the output context, e.g. htmlspecialchars() with
// ENT_QUOTES for HTML, and never pass request data to eval() or similar.
$reflected = $_GET['x'];
echo $reflected;

?>

7、命令执行

";

// Command-execution sample: the "x" query parameter is handed to the system
// shell unchanged and the command output is written into the response.
// There is no validation, quoting or allow-list between request and shell,
// so the caller chooses what runs under the web server's account.
// Mitigation: do not build shell commands from request data. Where an external
// program is required, select it from a fixed server-side list and pass any
// user value through escapeshellarg(). As defence in depth, list shell_exec
// and related functions in disable_functions where the application allows it.
$command = $_GET['x'];
$output = shell_exec($command);
echo $output;

?>

8、变量覆盖

";

// Variable-overwrite sample: $id starts as a fixed value, then a request-named
// variable is assigned before $id is used in the query below.
$id = 1;
// "x" supplies a variable NAME and "y" its VALUE; $$i assigns to whichever
// variable "x" names. $id is already set and is read later, so a request that
// names it replaces the fixed value with caller-controlled text.
// $conn, $sql and $request are assigned after this point and overwrite
// anything placed in them here.
// Mitigation: never derive variable names from request data (this also covers
// extract() and parse_str() without a target array). Read only the expected
// keys and validate them.
$i = $_GET['x'];
$$i = $_GET['y'];
// The mysql_* extension was removed in PHP 7.0; use mysqli or PDO instead.
// Credentials are hard-coded, and the account is root.
$conn = mysql_connect('127.0.0.1','root','root');

mysql_select_db("lsj",$conn);
// $id is interpolated into the SQL text, so once it can be overwritten this
// query is also an injection point. Use a prepared statement with a bound
// parameter and cast or validate the id as an integer.
$sql = "select * from game where Hid = '$id'";
$request = mysql_query($sql);
// The return value of mysql_query() is used without checking for failure.
if (mysql_num_rows($request)){
	
while($row = mysql_fetch_array($request))
{ 
	// Column values are written to the response without HTML encoding.
	echo "Hero ID : ".$row['Hid']."
"; echo "Hero Name : ".$row['Name']."
"; echo "Hero Sex : ".$row['Sex']."
"; } } else{ echo "None"; } mysql_close($conn); ?>

9、目录遍历

";

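// Directory-traversal sample: the "path" request value is used unchanged as
// the directory to list. $_REQUEST can be filled from the query string, the
// POST body or cookies. The sink is left as the article shows it, because it
// is the subject of this section.
// Mitigation: resolve the value with realpath() and accept it only if the
// result lies inside a fixed base directory, or map the request value to an
// allow-listed set of directories. open_basedir adds defence in depth.
$dir_path = $_REQUEST['path'];
// scandir() returns false when the directory cannot be read.
$file = scandir($dir_path);
// Fixed: the original called var_temp(), which is not a PHP function and would
// stop the script with a fatal error. var_dump() matches the other samples on
// this page.
var_dump($file);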

?>

 
