其他分享
首页 > 其他分享> > 2018-2019-2 网络对抗技术 20165227 Exp8 Web基础

2018-2019-2 网络对抗技术 20165227 Exp8 Web基础

作者:互联网

2018-2019-2 网络对抗技术 20165227 Exp8 Web基础

问题

实验步骤

实验一:Web前端HTML

1、安装Apache(已安装)
2、Apache

3、测试

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录页面</title>
<script language="javascript">
var movingID=null;
var scrolling=false;
function startMove()
{
    
    var left=eval(bear.style.left.replace("px",""));
    if(left <document.body.scrollWidth-400)
        bear.style.left=left+1;
    else
        bear.style.left=1;
    movingID=setTimeout("startMove()",0.1); 
    
}
function mysubmit()
{ 
    if(document.form1.password.value==""   || document.form1.username.value=="")
    {
        alert("账号、密码不能为空!");
        window.location.href="login.html"
    
    }   
    else
       form1.submit();

}
</script>
<style type="text/css">
a:link{color:#41506D;font-size:125%;text-decoration:none}
a:visited{color:#41506D;font-size:125%;text-decoration:none}
a:hover{color:#FFF200;font-size:125%;text-decoration:none}
</style>
</head>
<body  onl oad="startMove()" style="background-image: url(./login.png);background-repeat:no-repeat;topmargin:60;leftmargin:12 ;overflow-x:hidden;overflow-y:scroll;" >
<br><br><br>
    <p align="right">
    <a  target=_parent href="index.jsp" >登 录</a>    &nbsp;&nbsp;     <a target=_parent href="addone.jsp" >注 册</a>
    </p>
<form action="login.php" method="POST" name="form1">
<table style="background: url(./登录.png);background-repeat:no-repeat;position:relative;left:300px;top:0px;border-collapse:collapse;">
<tr><th style="border:5px solid white;height:50px;width:230px;padding:0px;text-align:center;vertical-align:center;color:#41506D;font-size:150%;font-family:Microsoft YaHei UI;">
 登 录 界 面
</th></tr>
<tr>
<td style="border:5px solid white;height:180px;width:230px;padding:0px;text-align:center;vertical-align:center;color:#41506D;">

<p style="position:absolute;left:27px;top:50px;font-size:130%;color:black;font-family:Microsoft YaHei UI;">用户名 </p>
 <input align="center" type="text" name = "username"  style="position:absolute;left:100px;top:70px;height:35px;width:100px;font-size:130%;"/> <br><br>
<p style="position:absolute;left:27px;top:100px;font-size:130%;color:black;font-family:Microsoft YaHei UI;">密&nbsp;&nbsp;&nbsp;码 </p>
&nbsp; <input align="center" type="password" name = "password"  style="position:absolute;left:100px;top:120px;height:35px;width:100px;font-size:130%;"> <br>
<input type = "button" value = "提交" onClick="mysubmit()" style="position:absolute;left:50px;top:190px;height:35px;width:150px;font-size:120%;">

</td>
</tr>
</table></form>

<div id="bear" style="visibility:visible;position:absolute;left:1px;top:330px;z-index:1;width:400px;height:170px;overflow-x:hidden;overflow-y:hidden;">
</div>

</body>
</html>

实验二:Web前端javascipt

实验三:Web后端

1、Mysql安装(自带)
2、启动

<?php

$uname=($_POST["username"]);
$pwd=($_POST["password"]);

echo $uname; 

$query_str="SELECT * FROM zy where username='{$uname}' and password='{$pwd}';";

/* echo "<br> {$query_str} <br>";*/

$mysqli = new mysqli("127.0.0.1", "zhuyue", "5227", "zhuyue27");

/* check connection */
if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}
echo "connection ok!";
/* Select queries return a resultset */
if ($result = $mysqli->query($query_str)) {
    if ($result->num_rows > 0 ){
        echo "<br> Wellcome login Mr/Mrs:{$uname} <br> ";
    } 
    else {
        echo "<br> login failed!!!! <br> " ;
    }

    /* free result set */
    $result->close();
}


$mysqli->close();

?>

实验四:SQL注入

(这时候的合成后的SQL查询语句为select * from users where username='' or 1=1#' and password=md5(''),#相当于注释符,会把后面的内容都注释掉,而1=1是永真式,所以这个条件肯定恒成立)

实验五:XSS攻击测试

实验感想

标签:Web,Exp8,数据库,5227,用户,表单,2019,sql,输入
来源: https://www.cnblogs.com/zhuyue-study/p/10888846.html