";}((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res); }?>mysqli_real_escape_string()会将转义特殊字符,一定程度上防止SQL注入 。但是它也有漏洞,在MySQL5.5.37以下版本有绕过方法 。sleep(2)降低了暴力破解速度,嗯,但是没有从根源上防住爆破呀!因此,破解方法同Low级别 。
Username and/or password incorrect.
High级别代码如下;
【「黑客工具」Web渗透测试-DVWA的暴力破解操作】<?phpif( isset( $_GET[ 'Login' ] ) ) {// Check Anti-CSRF tokencheckToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );// Sanitise username input$user = $_GET[ 'username' ];$user = stripslashes( $user );$user = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $user ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));// Sanitise password input$pass = $_GET[ 'password' ];$pass = stripslashes( $pass );$pass = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $pass ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));$pass = md5( $pass );// Check database$query = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';";$result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );if( $result && mysqli_num_rows( $result ) == 1 ) {// Get users details$row = mysqli_fetch_assoc( $result );$avatar = $row["avatar"];// Login successfulecho "<p>Welcome to the password protected area {$user}</p>";echo "<img src=https://www.isolves.com/it/aq/rj/2019-10-16/"{$avatar}" />";}else {// Login failedsleep( rand( 0, 3 ) );echo "
";}((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res); }// Generate Anti-CSRF token generateSessionToken();?>代码中加入了user_token,每次提交需要将username、password、Login和user_token四个参数一起提交到后台,因此要想解决每次变化的user_token需要每次重新获取,破解难度提升,需要编码解决 。
Username and/or password incorrect.
Impossible级别代码如下;
<?phpif( isset( $_POST[ 'Login' ] ) ) {// Check Anti-CSRF tokencheckToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );// Sanitise username input$user = $_POST[ 'username' ];$user = stripslashes( $user );$user = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $user ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));// Sanitise password input$pass = $_POST[ 'password' ];$pass = stripslashes( $pass );$pass = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $pass ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));$pass = md5( $pass );// Default values$total_failed_login = 3;$lockout_time = 15;$account_locked = false;// Check the database (Check user information)$data = https://www.isolves.com/it/aq/rj/2019-10-16/$db->prepare( 'SELECT failed_login, last_login FROM users WHERE user = (:user) LIMIT 1;' );$data->bindParam( ':user', $user, PDO::PARAM_STR );$data->execute();$row = $data->fetch();// Check to see if the user has been locked out.if( ( $data->rowCount() == 1 ) && ( $row[ 'failed_login' ] >= $total_failed_login ) ) {// User locked out. Note, using this method would allow for user enumeration!//echo "
";// Calculate when the user would be allowed to login again$last_login = strtotime( $row[ 'last_login' ] );$timeout = $last_login + ($lockout_time * 60);$timenow = time();/*print "The last login was: " . date ("h:i:s", $last_login) . "
This account has been locked due to too many incorrect logins.
";print "The timenow is: " . date ("h:i:s", $timenow) . "
";print "The timeout is: " . date ("h:i:s", $timeout) . "
";*/// Check to see if enough time has passed, if it hasn't locked the accountif( $timenow
推荐阅读
- P挡可替代「手刹车」使用吗?
- 来看看黑客们都爱用哪些工具?Top 5 黑客工具排行
- 「摄像头与成像」长文详解RAW图的来龙去脉
- 「职场招聘」黑话翻译手册
- 「闽茶说」超小众的福建绿茶,喝过2种算你厉害
- 国产剧|国产剧只剩「恐婚套餐」?
- 一年中最热的时候,「上热下寒」该怎么调?
- 「C语言」常用算法
- WordPress 网站地图 sitemap.xml 纯代码设置方法「亲测有效」
- 揭秘Wi-Fi 6