The essence of MySQL database injection
  Add date: 07/10/2008   Publishing date: 07/10/2008   Hits: 76
Total 6 pages, current page: 1
On a sudden impulse today I wanted to write an article. I have not written an article before, so if there are mistakes, please point them out.
This article requires basic knowledge of SQL statements to be understood well. I suggest that anyone who wants to learn get to know SQL statements and programming languages better; know yourself and know the other side, and you can win every battle.
I do not expect high praise from you, the reader, although I have made a contribution; I only hope this article can remove obstacles in your learning process, and that you will soon grasp the knowledge related to MySQL injection.
1. How MySQL injection arises.
The cause of the vulnerability: the program does not filter sensitive characters during execution, so an attacker can pass in a malicious string that is merged into the structured query statement, and the malicious code is then executed.
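The cause described above, shown as an added example (not code from the original article): the same login lookup written once with string concatenation and once with a parameterized query. It assumes an in-memory SQLite database as a stand-in for the article's MySQL `account` table; the function names and the crafted input are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory SQLite stand-in (assumption) for the article's MySQL `account` table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (accountId INTEGER PRIMARY KEY, "
               "accountName VARCHAR(32), accountPass VARCHAR(32))")
    db.execute("INSERT INTO account VALUES (1, 'account1', 'account1')")
    return db

def build_unfiltered_query(name, password):
    """Vulnerable: user input is merged into the SQL text itself."""
    return ("SELECT accountId FROM account WHERE accountName = '" + name +
            "' AND accountPass = '" + password + "'")

def login_unfiltered(db, name, password):
    """Runs the concatenated statement; the input can change its structure."""
    return db.execute(build_unfiltered_query(name, password)).fetchall()

def login_parameterized(db, name, password):
    """Hardened: placeholders keep input as data, so the statement never changes."""
    sql = "SELECT accountId FROM account WHERE accountName = ? AND accountPass = ?"
    return db.execute(sql, (name, password)).fetchall()

# Constructed input: the quote closes the string literal and adds a condition.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Show how the merged statement differs from what the developer intended.
    print(build_unfiltered_query("account1", CRAFTED))
    print("unfiltered   :", login_unfiltered(db, "account1", CRAFTED))
    print("parameterized:", login_parameterized(db, "account1", CRAFTED))
    print("valid login  :", login_parameterized(db, "account1", "account1"))
```

In the article's Java code the equivalent of the hardened form is a `java.sql.PreparedStatement` with `?` placeholders instead of a `Statement` built from concatenated strings.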
We first create a program to illustrate the filtering problem. Because my machine does not have PHP, I used Java; I will annotate it in detail.
Code
Database:
create database if not exists `test`;
USE `test`;
/* Table structure for table `account` */
DROP TABLE IF EXISTS `account`;
CREATE TABLE `account` (
  `accountId` bigint(20) NOT NULL auto_increment,
  `accountName` varchar(32) default NULL,
  `accountPass` varchar(32) default NULL,
  PRIMARY KEY (`accountId`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/* Data for table `account` */
insert into `account` values
(1, 'account1', 'account1');
/* Table structure for table `admin` */
DROP TABLE IF EXISTS `admin`;
CREATE TABLE `admin` (
  `adminId` bigint(20) NOT NULL auto_increment,
  `adminName` varchar(32) default NULL,
  `adminPass` varchar(32) default NULL,
  PRIMARY KEY (`adminId`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/* Data for table `admin` */
insert into `admin` values
(1, 'admin', 'admin');
Program:
<%@ page language="java" import="java.util.*, java.sql.*"
pageEncoding="utf-8" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<body>
<%
// MySQL connection string.
// jdbc:mysql://localhost:3306/test
// driver:database://address:port/database name
String mysqlConnection = "jdbc:mysql://localhost:3306/test";
// Load the driver; com.mysql.jdbc.Driver is the JDBC driver that Java uses to connect to MySQL
Class.forName("com.mysql.jdbc.Driver").newInstance();
// Open the MySQL connection; root is the user, cx0321 is the password
Connection connection = DriverManager.getConnection(mysqlConnection,
"root", "cx0321");
// Create a statement (query) object
Statement statment = connection.createStatement();
// Declare the query result set; all the data the query returns will be held in it.
ResultSet resultSet = null;