问题描述
我有一个简单的问题:假设有一个网站的查询如下:
I've got one easy question: say there is a site with a query like:
SELECT id, name, message FROM messages WHERE id = $_GET['q'].
有什么方法可以在数据库 (MySQL) 中更新/删除某些内容?到目前为止,我从未见过能够使用 SELECT 查询 删除/更新的注入,所以,它甚至可能吗?
Is there any way to get something updated/deleted in the database (MySQL)? Until now I've never seen an injection that was able to delete/update using a SELECT query, so, is it even possible?
推荐答案
如果你说你使用的mysql_query不支持多查询,你不能直接添加DELETE/UPDATE/INSERT,但在某些情况下可以修改数据.例如,假设您有以下功能
If you say you use mysql_query that doesn't support multiple queries, you cannot directly add DELETE/UPDATE/INSERT, but it's possible to modify data under some circumstances. For example, let's say you have the following function
DELIMITER //
CREATE DEFINER=`root`@`localhost` FUNCTION `testP`()
RETURNS int(11)
LANGUAGE SQL
NOT DETERMINISTIC
MODIFIES SQL DATA
SQL SECURITY DEFINER
COMMENT ''
BEGIN
DELETE FROM test2;
return 1;
END //
现在你可以在 SELECT 中调用这个函数:SELECT id, name, message FROM messages WHERE id = NULL OR testP()(id = NULL - 总是 NULL(FALSE),所以 testP() 总是被执行.
Now you can call this function in SELECT :
SELECT id, name, message FROM messages WHERE id = NULL OR testP()
(id = NULL - always NULL(FALSE), so testP() always gets executed.
这篇关于MySQL 注入 - 使用 SELECT 查询来更新/删除的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!