JSP SQL注入
2016-04-07 11:10
Login.JSP
Servlet:
DAO:
// Vulnerable as written: myName and pwd are concatenated straight into the SQL text, so a
// quote character in either value changes the structure of the query instead of staying data.
// Bind both values as PreparedStatement parameters ("... WHERE UserName = ? AND Pwd = ?").
ResultSet ret = sta.executeQuery("SELECT Pwd FROM [USER] WHERE UserName = '"+ myName + "' AND Pwd = '" + pwd + "'");
数据库:"USER表"
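混乱SQL文(用于SQL注入的输入示例):由于DAO用字符串拼接构造查询,输入中的单引号会提前结束字符串字面量,其后的内容会被当作SQL执行;改用PreparedStatement参数绑定后,这类输入只会被当作普通字符串。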
1.Apple' or 1=1--
2.Apple' or 1=1; Update [USER] SET Pwd = '123';--
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%--
  Login form. Posts the UserName and Pwd fields to servlet/Login, which is
  resolved against the <base> URL computed in the scriptlet below.

  NOTE(review): basePath is assembled from the scheme, server name and port of
  the incoming request and written into the page without escaping. The server
  name normally reflects the request's Host header, so confirm the container or
  a front-end proxy restricts accepted host names, or build the base from the
  context path alone.
--%>
<%
    String contextPath = request.getContextPath();
    String basePath = request.getScheme() + "://" + request.getServerName()
            + ":" + request.getServerPort() + contextPath + "/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>Login</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
  </head>
  <body>
    <form method="POST" action="servlet/Login">
      用户名: <input type="text" name="UserName" value=""> <BR>
      密 码: <input type="password" name="Pwd"> <BR>
      <input type="submit">
    </form>
  </body>
</html>
Servlet:
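package servlet;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import dao.*;

/**
 * Handles the login form POST: reads the UserName and Pwd request parameters,
 * asks LoginDao.CheckUser whether they match, and writes a small HTML page
 * showing the result.
 */
public class Login extends HttpServlet {

    /**
     * Processes a login attempt.
     *
     * @param request  the form submission; UserName and Pwd are read from it
     * @param response receives a UTF-8 HTML page with the login result
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the response cannot be written
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Must run before the first getParameter call, otherwise non-ASCII
        // form values are decoded with the container's default charset.
        // Assumes the form is submitted as UTF-8 - confirm against the login page.
        request.setCharacterEncoding("UTF-8");
        response.setContentType("text/html");

        String strUserName = request.getParameter("UserName");
        String strPwd = request.getParameter("Pwd");

        // Both values are untrusted request input. A missing parameter is a
        // failed login; null is never handed to the data layer.
        boolean loggedIn = strUserName != null
                && strPwd != null
                && LoginDao.CheckUser(strUserName, strPwd);
        String strLoginSuccess = loggedIn ? "登录成功" : "登录失败";

        // Send the result as UTF-8 so the Chinese text is displayed correctly.
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
        out.println("<HTML>");
        out.println(" <meta charset='UTF-8'>");
        out.println(" <HEAD><TITLE>登录结果</TITLE></HEAD>");
        out.println(" <BODY>");
        // Only the two fixed result strings are written; no request data is echoed.
        out.print("[" + strLoginSuccess + "]");
        out.println(" </BODY>");
        out.println("</HTML>");
        out.flush();
        out.close();
    }
}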
DAO:
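package dao;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * Checks a user name / password pair against the [USER] table.
 *
 * <p>doLogin binds both values as PreparedStatement parameters. Building the
 * query by concatenating myName and pwd into the SQL text lets a quote
 * character in either value alter the statement itself; bound parameters are
 * always treated as data.
 *
 * <p>NOTE(review): the connection is opened as "sa" with a password hard-coded
 * in source. Load the credentials from protected configuration and use a
 * least-privilege login that can only read [USER], so that a query flaw cannot
 * be used to modify data.
 *
 * <p>NOTE(review): con is a shared static field, while a servlet container
 * normally serves requests on several threads; concurrent calls to CheckUser
 * can close each other's connection. Prefer a per-call connection or a pool.
 *
 * <p>NOTE(review): the query compares the submitted password with the Pwd
 * column directly, which suggests passwords are stored unhashed; confirm, and
 * store a salted password hash (bcrypt/scrypt/argon2) instead.
 */
public class LoginDao {
    static String url = "jdbc:sqlserver://127.0.0.1:1433;DataBaseName=HUAWEI";
    static Connection con = null;
    // Kept so existing package-level references still compile; doLogin now
    // uses a local PreparedStatement and no longer assigns this field.
    static Statement sta = null;

    /**
     * Opens a connection, checks the credentials and closes the connection.
     *
     * @param strUserName user name to look up
     * @param strPwd      password to compare with the stored value
     * @return true if a matching row exists; false if there is none or if the
     *         driver or database is unavailable
     */
    public static boolean CheckUser(String strUserName, String strPwd) {
        boolean bRet = false;
        try {
            // Connect
            Connc();
            try {
                bRet = doLogin(strUserName, strPwd);
            } finally {
                // Close even if doLogin throws, so the connection is not leaked.
                Close();
            }
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return bRet;
    }

    /**
     * Loads the SQL Server JDBC driver and stores a new connection in con.
     *
     * @throws ClassNotFoundException if the driver class is not on the classpath
     * @throws SQLException           if the connection cannot be opened
     */
    static void Connc() throws ClassNotFoundException, SQLException {
        Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
        con = DriverManager.getConnection(url, "sa", "sa");
    }

    /**
     * Closes the shared connection, if one is open, and clears the field.
     *
     * @throws SQLException if closing the connection fails
     */
    static void Close() throws SQLException {
        if (con != null) {
            con.close();
            con = null;
        }
    }

    /**
     * Reports whether a row with the given user name and password exists.
     *
     * @param myName user name, bound as the first query parameter
     * @param pwd    password, bound as the second query parameter
     * @return true if the query returns at least one row; false otherwise,
     *         including when there is no open connection, an argument is null,
     *         or the query fails
     */
    static boolean doLogin(String myName, String pwd) {
        // Fail closed: no connection or a missing value is never a successful login.
        if (con == null || myName == null || pwd == null) {
            return false;
        }
        String sql = "SELECT Pwd FROM [USER] WHERE UserName = ? AND Pwd = ?";
        // try-with-resources closes the statement and result set on every path,
        // including when executeQuery throws.
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, myName);
            ps.setString(2, pwd);
            try (ResultSet ret = ps.executeQuery()) {
                return ret.next();
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return false;
    }
}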
数据库:"USER表"
UserName | Pwd |
Apple | 123 |
Boy | 456 |
Cat | 789 |
Dog | ABC |
NULL | NULL |
1.Apple' or 1=1--
2.Apple' or 1=1; Update [USER] SET Pwd = '123';--