  • 如何构造一个注入点

      在测试过程中，经常需要在本地自行构造注入点来进行SQL注入测试。这里分享一下在不同环境下构造SQL注入点的代码。

    PHP+MYSQL版

    <?php
    // Deliberately vulnerable local test harness (PHP + MySQL): the "id" request
    // value is spliced into the SQL text as-is so the query can be probed.
    // Note: the mysql_* extension was removed in PHP 7.0, so this only runs on PHP 5.x.
    $con = mysql_connect("localhost","root","root");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }
    
    mysql_select_db("test", $con);
    // $_REQUEST merges GET, POST and cookie values (per request_order), so the
    // parameter can arrive through any of them.
    $id = $_REQUEST[ 'id' ];
    // INJECTION POINT: $id is concatenated into the query unquoted and unescaped.
    // Real code would use a prepared statement with a bound parameter (PDO/mysqli).
    $query  = "SELECT * FROM admin WHERE username = $id ";
    
    // mysql_query() returns false on a SQL error; the loop below then runs zero times
    // (mysql_fetch_array(false) only emits a warning).
    $result = mysql_query($query);
    
    while($row = mysql_fetch_array($result))
      {
      echo $row['0'] . " " . $row['1'];
      echo "<br />";
      }
    echo "<br/>";
    // Reflects the raw query text (and therefore the raw request input) into the
    // page without HTML-escaping it.
    echo $query;
    
    mysql_close($con);
    ?>

    ASP+MSSQL版

    <%    
    ' Deliberately vulnerable local test harness (classic ASP + SQL Server).
    strSQLServerName = "127.0.0.1"   'server name or address
    strSQLDBUserName = "sa"       'database login (the sa super-user, hard-coded in source)
    strSQLDBPassword = "andyou"       'database password (hard-coded in source)
    strSQLDBName = "test"       'database name
    Set conn = Server.CreateObject("ADODB.Connection")
    strCon = "Provider=SQLOLEDB.1;Persist Security Info=False;Server=" & strSQLServerName & ";User ID=" & strSQLDBUserName & ";Password=" & strSQLDBPassword & ";Database=" & strSQLDBName & ";"
    conn.open strCon
    set rs=Server.CreateObject("ADODB.recordset")
    ' Request("id") without a collection name searches the query string, form,
    ' cookies and server variables in turn.
    id = request("id")
    ' INJECTION POINT: id is concatenated into the SQL text unquoted and unvalidated.
    ' Real code would use an ADODB.Command with parameters instead.
    sql="select * from admin where id="&id
    ' Writes the raw query (and therefore the raw input) to the response unencoded.
    Response.Write(sql)
    rs.Open sql,conn
    %>
    
    <table border="1" width="100%">
      <tr>
      <%' Header row: one <th> per column of the result set.
      for each x in rs.Fields
        response.write("<th>" & x.name & "</th>")
      next%>
      </tr>
      <%' One <tr> per record; cell values are written without HTML encoding.
      do until rs.EOF%>
        <tr>
        <%for each x in rs.Fields%>
          <td><%Response.Write(x.value)%></td>
        <%next
        rs.MoveNext%>
        </tr>
      <%loop
      rs.close
      conn.close%>
    </table>

    ASP.NET+MSSQL版

    <%@ Page Language="C#" AutoEventWireup="true" %>
    <%@ Import Namespace="System.Data" %>
    <%@ Import namespace="System.Data.SqlClient"  %>
    <!DOCTYPE html>
    <script runat="server">
         // Result set that the DataGrid is bound to; one instance per page request.
         private DataSet resSet=new DataSet();
        // Deliberately vulnerable local test harness (ASP.NET + SQL Server). Runs on
        // every request, including postbacks, and splices the raw "id" parameter
        // into the query so it can be probed.
        protected void Page_Load(object sender, EventArgs e)
        {
            // Hard-coded sa credentials in source; acceptable only on a throwaway test box.
            String strconn = "server=.;database=test;uid=sa;pwd=andyou";
            // Request.Params merges QueryString, Form, Cookies and ServerVariables;
            // null when the parameter is absent (giving "... where id=").
            string id = Request.Params["id"];
            //string sql = string.Format("select * from admin where id={0}", id);
            // INJECTION POINT: id is concatenated unquoted and unvalidated. The fix in
            // real code is a parameterized SqlCommand with a SqlParameter; the
            // commented-out string.Format variant above is equally vulnerable.
            string sql = "select * from admin where id=" + id;
        // No using/try-finally and no Close(): the connection is never released,
        // whether Fill succeeds or throws.
        SqlConnection connection=new SqlConnection(strconn);
            connection.Open();
            SqlDataAdapter dataAdapter = new SqlDataAdapter(sql, connection);
            // Throws SqlException on a malformed query, which surfaces as an ASP.NET error page.
            dataAdapter.Fill(resSet);
            DgData.DataSource = resSet.Tables[0];
            DgData.DataBind();
            // Reflects the raw SQL (and therefore the raw input) into the page without HTML encoding.
            Response.Write("执行语句:<br>"+sql);
            Response.Write("<br>结果为:");
        }
    
    </script>
    
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
        <title></title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
        
            <!-- Grid that displays resSet.Tables[0] as bound in Page_Load. -->
            <asp:DataGrid ID="DgData" runat="server" BackColor="White" BorderColor="#3366CC" 
                BorderStyle="None" BorderWidth="1px" CellPadding="4" 
                    HeaderStyle-CssClass="head" Width="203px">
                <FooterStyle BackColor="#99CCCC" ForeColor="#003399" />
                <SelectedItemStyle BackColor="#009999" Font-Bold="True" ForeColor="#CCFF99" />
                <PagerStyle BackColor="#99CCCC" ForeColor="#003399" HorizontalAlign="Left" 
                    Mode="NumericPages" />
                <ItemStyle BackColor="White" ForeColor="#003399" />
    <HeaderStyle CssClass="head" BackColor="#003399" Font-Bold="True" ForeColor="#CCCCFF"></HeaderStyle>
            </asp:DataGrid>
        
        </div>
        </form>
    </body>
    </html>

    关于我:一个网络安全爱好者,致力于分享原创高质量干货,欢迎关注我的个人微信公众号:Bypass--,浏览更多精彩文章。

  • 原文地址:https://www.cnblogs.com/xiaozi/p/7283327.html