
MySQL8 1Z0-908 Study Notes (4)

Author: Internet

Question (the answer is at the end of the article):

Which two queries are examples of successful SQL injection attacks? (Choose two.)
A SELECT user,passwd FROM members
WHERE user = '?';INSERT INTO members('user','passwd') VALUES ('bob@example.com','secret');--';
B SELECT id, name FROM user WHERE user.id=(SELECT members.id FROM members);
C SELECT id, name FROM user WHERE id=23 OR id=32 OR 1=1;
D SELECT id, name FROM user WHERE id=23 OR id=32 AND 1=1;
E SELECT email,passwd FROM members
WHERE email = 'INSERT INTO members('email','passwd') VALUES ('bob@example.com', 'secret');--';
F SELECT user, phone FROM customers WHERE name = '; DROP TABLE users; --';

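Explanation:

1. Inserting special symbols and SQL statements such as "?';", "INSERT" and "--" into the WHERE clause causes the injected SQL statement to be executed.

SELECT user,passwd FROM members
WHERE user = '?';INSERT INTO members('user','passwd') VALUES ('bob@example.com','secret');--';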

2. Adding "OR 1=1;" to the WHERE condition of the SQL statement returns results even when the other conditions are not met.
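The effect described in point 2, shown beside a parameterized query, as an added example that is not part of the original article. Python's sqlite3 module stands in for MySQL, and the table rows and function names are constructed for illustration. It goes slightly beyond the text by also running option D's condition, where AND binds tighter than OR and no always-true clause results.

```python
import sqlite3


def make_db():
    """Build an in-memory table shaped like the `user` table in options C and D.
    The three rows are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO user (id, name) VALUES (?, ?)",
        [(23, "alice"), (32, "bob"), (41, "carol")],
    )
    return conn


def lookup_concatenated(conn, user_input):
    """Vulnerable pattern: the input is pasted into the SQL text,
    so anything after the number is parsed as part of the WHERE clause."""
    sql = "SELECT id, name FROM user WHERE id=" + user_input
    return sorted(conn.execute(sql).fetchall())


def lookup_parameterized(conn, user_input):
    """Hardened pattern: the input is bound to a placeholder and is only
    ever compared as a value, never parsed as SQL."""
    sql = "SELECT id, name FROM user WHERE id = ?"
    return sorted(conn.execute(sql, (user_input,)).fetchall())


if __name__ == "__main__":
    conn = make_db()
    inputs = [
        "23",                  # ordinary lookup
        "23 OR id=32 OR 1=1",  # tail of option C: the WHERE is always true
        "23 OR id=32 AND 1=1", # tail of option D: parsed as 23 OR (32 AND true)
    ]
    for value in inputs:
        print(repr(value))
        print("  concatenated :", lookup_concatenated(conn, value))
        print("  parameterized:", lookup_parameterized(conn, value))
```

SQLite returns no row for the bound string; MySQL would convert that string to the number 23 and return only that row, but in both engines the OR clauses stay data rather than SQL.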

Answer:

AC

Source: https://blog.csdn.net/engchina/article/details/117517797