Is this site vulnerable to an SQL injection attack? [closed]

问题

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.

Closed 8 years ago.

I am visiting a site and I mistakenly entered a single quote while I was trying to hit the enter key.

The URL that got sent is: http://www.domain.tld/link.php?id=2603' (censored :) )

Resulting in the following response from the site:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

I've tried to do: http://www.domain.tld/link.php?id=2603; SHOW TABLES; But that didn't work :P

So my question is: can this site vulnerable to sql injection?

回答1:

Most likely yes. Without getting into the details of how to perform an actual injection attack, you could try something like:

http://www.domain.tld/link.php?id=2603';malicious code --

Incidentally, I HIGHLY recommend that you not dink around with this too diligently. Accessing other computers in an unauthorized manner is against the law in the US and many other countries, and if you do something damaging, they can come after you. The best bet is to contact the site's owner and let them know exactly what you're seeing so that they can address the issue.

来源：https://stackoverflow.com/questions/6181248/is-this-site-vulnerable-to-an-sql-injection-attack