php多页查询页面呈现失败

0yg35tkg  于 2021-06-24  发布在  Mysql
关注(0)|答案(1)|浏览(381)

早上好,
我昨天遇到了一些问题,得到了帮助,不幸的是,我的应用程序仍然没有100%做到我想要它做的,虽然只有一个小细节是缺失的。
给出了一个场景,在这个场景中,我希望执行sql注入来删除数据库,并在发生这种情况时呈现一个php页面。一切正常,直到我希望渲染发生-即使注入执行和数据库删除时,我检查它mysql,仍然没有渲染。这个问题可能是由于不正确使用multi\ u查询造成的。更多细节请参见代码中的注解。

<?php
include("/../../connection.php");

if(isset($_POST["button_one"])){
    $username = $_POST['username'];
    $password = $_POST['password'];

    if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // IF THE USER HAS A VALID USERNAME OR PASSWORD,
    {
        do {
            if ($result = $conn->store_result()) {
                while ($row = $result->fetch_row()) { // THEN ENABLE BUTTON TWO, WHICH HAS TO BE CLICKED TO DROP THE DATABASE
                    echo "
                    <script type=\"text/javascript\">
                        document.getElementById('button_two').disabled=false;
                    </script>
                    ";
                }
                $result->free();
            }
        } while ($conn->next_result());
    }
}

if(isset($_POST["button_two"])){
    $username = $_POST['username']; // SQL INJECTION TO DROP THE DB HAPPENS HERE
    $password = $_POST['password'];

    if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // SQL INJECTION SUCCEEDED
    {
        do {
            if ($result = $conn->store_result()) {
                while ($row = $result->fetch_row()) {
                    if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) { // NO MORE DATABASE LIKE THAT, IT HAS BEEN DROPPED DUE TO THE INJECTION
                        if($result->num_rows == 0) {
                            include("another.php"); // THE PROBLEM IS HERE. EVEN THOUGH THE DB IS DROPPED, THIS PAGE IS NOT RENDERING
                        }
                    }
                }
                $result->free();
            }
        } while ($conn->next_result());
    }
}
?>

任何有用的想法都将不胜感激!

a1o7rhls

a1o7rhls1#

包含another.php的代码块从未运行,因为show databases查询失败。

我测试了您的代码并添加了一些错误报告:

if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) {
    if($result->num_rows == 0) {
        include("another.php");
    }
} else {
    echo "Error: {$conn->error}\n";
}

我知道了:
错误:命令不同步;现在不能运行此命令
当已经执行的sql查询仍有结果要获取时,不能运行另一个sql查询。即使你用过 store_result() 要获取结果集,只获取当前结果集。你曾经 mulit_query() 生成多个结果集。您必须处理所有结果集,直到 next_result() 循环,然后才能开始新的查询。
这里的另一个教训是,您应该始终检查并报告错误后,您尝试 query() 或者 multi_query() 或者 prepare() 或者 execute() .
下面是一个示例:您必须等到最后一个结果被处理之后,才能运行另一个查询。这意味着在循环打开后 $conn->next_result() 完成了。

if(isset($_POST["button_two"])){
    $username = $_POST['username'];
    $password = $_POST['password'];

    if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'"))
    {
        do {
            if ($result = $conn->store_result()) {
                while ($row = $result->fetch_row()) {
                    // DISPLAY RESULTS FROM QUERY
                }
            }
            $result->free();
        } while ($conn->next_result());

        // CAN'T START ANOTHER QUERY UNTIL AFTER THE NEXT_RESULT LOOP IS DONE
        if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) {
            if($result->num_rows == 0) {
            include("another.php");
        }
    }
}

相关问题