






some words about sql injection in Uzbek language
Typology: Essays (university)







Figure 5.5 Typical SQL Injection Attack. Legend: Internet, router, firewall, switch, wireless access point, web servers, web application server, database servers, database; data exchanged between the hacker and the servers; two-way traffic between the hacker and the web server; credit card data is retrieved from the database.
An SQLi attack is carried out in two ways (mass data extraction):
1. SQLi in string form:
   SELECT * from table where name = "$_GET['name']"
   SELECT * from table where user_agent = '$_SERVER["HTTP_USER_AGENT"]'
2. SQLi in numeric form:
   SELECT * from table where id = $_COOKIE["id"]
   SELECT * from table where news = 123 limit $_POST["limit"]
<?php
// We did not check the variable $_POST['password'] in any way,
// and it may contain something quite different from what we expected. For example:
$_POST['password'] = " ' OR ''=' ";
// Send a query to check the user's name and password
// (the start of the query is missing from the slide; the name condition is assumed):
$query = "SELECT * FROM users WHERE name='{$_POST['name']}' AND password='{$_POST['password']}'";
// Let's see what query will be sent to MySQL:
echo $query;
?>
Protective code
Detection: check whether the submitted data conforms to the expected query pattern (i.e. whether it contains SQLi).
Preventing SQLi from working
<?php
$id = $_GET['id'];
$id = stripslashes($id);             // removes existing escaping, so two identical escape characters do not end up next to each other
$id = mysql_real_escape_string($id); // normally adds a \ before special characters
if (is_numeric($id)) {               // checks that the value is numeric (bool)
    $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
    $result = mysql_query($getid) or die('<pre>' . mysql_error() . '</pre>');
    $num = mysql_num_rows($result);
    $i = 0;
    while ($i < $num) {
        $first = mysql_result($result, $i, "first_name");
        $last  = mysql_result($result, $i, "last_name");
        echo "<pre>ID: $id<br>First name: $first<br>Surname: $last</pre>";
        $i++;
    }
}
?>
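The mysql_* functions used above were removed in PHP 7. As an added example, not taken from the slides, the string and numeric query forms listed earlier are rewritten below with mysqli prepared statements, so user input is bound as data instead of being escaped into the query text; the host, credentials, database name and the users table columns are assumptions.

```php
<?php
// Added example, not from the slides: the two query forms (string and numeric)
// rewritten with mysqli prepared statements. Host, credentials and database
// name are placeholders; the users table with name/first_name/last_name is assumed.

// Numeric form: WHERE user_id = ?  (replaces the stripslashes/escape/is_numeric chain)
function find_user_by_id(mysqli $db, string $rawId): array {
    if (!ctype_digit($rawId)) {        // allow-list: digits only, no sign, no spaces
        return [];
    }
    $id = (int) $rawId;
    $stmt = $db->prepare("SELECT first_name, last_name FROM users WHERE user_id = ?");
    $stmt->bind_param("i", $id);       // bound as an integer, never concatenated
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// String form: WHERE name = ?  (a ' OR ''=' payload is compared as plain data)
function find_user_by_name(mysqli $db, string $name): array {
    $stmt = $db->prepare("SELECT first_name, last_name FROM users WHERE name = ?");
    $stmt->bind_param("s", $name);     // bound as a string; quoting is the driver's job
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of die(mysql_error())
$db = new mysqli("db.example.invalid", "app_user", "app_password", "app_db"); // placeholders
$db->set_charset("utf8mb4");

$rows = isset($_GET['id'])
    ? find_user_by_id($db, (string) $_GET['id'])
    : find_user_by_name($db, (string) ($_GET['name'] ?? ''));

foreach ($rows as $row) {
    // Output is HTML-escaped so a stored payload is not reflected back as markup
    echo "First name: " . htmlspecialchars($row['first_name'])
       . " Surname: "   . htmlspecialchars($row['last_name']) . "\n";
}
```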