Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SQL Injection Basics
Search
Kentaro Kuribayashi
October 02, 2012
Technology
17k
8
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
SQL Injection Basics
社内勉強会用資料です。
Kentaro Kuribayashi
October 02, 2012
More Decks by Kentaro Kuribayashi
See All by Kentaro Kuribayashi
あとはAIに任せて人間は自由に生きる
kentaro
5
2.2k
社会人力と研究力ー博士号をキャリアの武器にするー
kentaro
3
320
IoTシステム開発の複雑さを低減するための統合的アーキテクチャ
kentaro
2
2.5k
Bidirectional Quadratic Voting Leveraging Issue-Based Matching
kentaro
2
780
大高生へのメッセージ(令和6年度「大高未来塾」) / Messages to Current Students
kentaro
0
350
「始め方」の始め方 / How to Start Starting Things
kentaro
5
1k
Dynamic IoT Applications and Isomorphic IoT Systems Using WebAssembly
kentaro
1
1.7k
わたしがこのところハマっている「ライセンスフリー無線」のご紹介 / An Invitation to License-Free Radio
kentaro
1
770
先行きの見えなさを楽しさに変える ーVUCA時代のキャリア論と絶対他力主義ー / How to develop your career in the VUCA era
kentaro
8
6.9k
Other Decks in Technology
See All in Technology
クラウド上のデータ復旧で見落としがちな制約: 医療系 SaaS の BCP 設計から得た教訓
kakehashi
PRO
0
2.9k
プロダクトだけじゃない、社内プロセスにおける自動化・省力化ノススメ
kakehashi
PRO
1
3.2k
ゼロをイチにする仕事が終わったあと
smasato
0
320
DMM.com 購入改善推進チーム におけるCodeRabbitを用いた レビューフロー改善の一例
ysknsid25
2
570
ループエンジニアリングでE2Eテストを実践
noriyukitakei
0
320
AIペネトレーションテスト・ セキュリティ検証「AgenticSec」紹介資料
laysakura
2
8.1k
GuardrailからGovernanceへ~AIエージェント運用の次の課題~
sbspsy
1
240
事業価値を⽣み出すSREへ SREが担うべき意思決定の5層
kenta_hi
2
2.8k
ヘルスケア領域における AI 活用と その安全性担保のための取り組み (Leveraging AI in Healthcare and Our Efforts to Ensure Its Safety) - Google I/O Extended Tokyo 2026, July 11, 2026
zettaittenani
0
230
Amazon EVS で VCF 9.0 / 9.1 のサポート開始まとめ
mtoyoda
0
280
Baseline対応のDOMの型定義を作った
uhyo
3
720
次世代ランサムウェア対策の考察 / 20260704 Mitsutoshi Matsuo
shift_evolve
PRO
5
1.7k
Featured
See All Featured
[RailsConf 2023] Rails as a piece of cake
palkan
59
6.7k
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
Code Reviewing Like a Champion
maltzj
528
40k
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
65
56k
Unsuck your backbone
ammeep
672
58k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
56k
Efficient Content Optimization with Google Search Console & Apps Script
katarinadahlin
PRO
1
670
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
aleyda
1
2.1k
GitHub's CSS Performance
jonrohan
1033
470k
The World Runs on Bad Software
bkeepers
PRO
72
12k
GraphQLの誤解/rethinking-graphql
sonatard
75
12k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
3k
Transcript
42-ΠϯδΣΫγϣϯͷ ݪཧɾݪଇ @kentaro ܀ྛ݈ଠ paperboy&co. http://www.flickr.com/photos/vissago/3270115155/
@kentaro ΤϯδχΞ 1FSMFS ϧϏʔετ ʮͪʯʮͪ ͺʔʯ࢝ऀ /FX ܀ྛ݈ଠ paperboy&co.
‣42-ΠϯδΣΫγϣϯࣗମͷৄࡉ ޙड़ͷࢀߟจݙΛࢀরͷ͜ͱ ‣͜͜Ͱ42-ΠϯδΣΫγϣϯΛ ࢝Ίͱ͢Δɺ͘8FCηΩϡϦςΟ ʹؔ͢Δݪཧɾݪଇʹ͍ͭͯड़·͢ લఏ
42-ΠϯδΣΫγϣϯɺ42-ͷݺͼग़͠ํʹෆඋ͕͋Δ߹ʹൃੜ͢Δ੬ ऑੑͰ͢ɻΞϓϦέʔγϣϯʹ42-ΠϯδΣΫγϣϯ੬ऑੑ͕͋Δ߹ɺҎԼ ͷΑ͏ͳӨڹΛड͚ΔՄೳੑ͕͋Γ·͢ɻͯ͢ɺ߈ܸऀ͕ೳಈతʹ ར༻ऀͷ ؔ༩ͳ͠Ͱ αʔόʔΛ߈ܸͰ͖·͢ɻ ‣σʔλϕʔεͷͯ͢ͷใ͕֎෦͔Β౪·ΕΔ ‣σʔλϕʔεͷ༰͕ॻ͖͑ΒΕΔ ‣ೝূΛճආ͞ΕΔ *%ͱύεϫʔυΛ༻͍ͣʹϩάΠϯ͞ΕΔ
‣ͦͷଞɺσʔλϕʔεαʔόʔ্ͷϑΝΠϧͷಡΈग़͠ɺॻ͖ࠐΈɺϓϩά ϥϜͷ࣮ߦͳͲΛߦΘΕΔ 42-ΠϯδΣΫγϣϯ ʰମܥతʹֶͿ҆શͳ8FCΞϓϦέʔγϣϯͷ࡞ΓํʱQ ҎԼʰಙؙຊʱ
$sql = "SELECT * FROM user WHERE uid = "
. $uid . " AND provider = '" . $provider . "'"; ΠϯδΣΫγϣϯͷྫ SELECT * FROM user WHERE uid = 9999 AND provider = ''; DELETE FROM user; -- ͠$provider͕͜͏ͩͬͨΒ '; DELETE FROM user; -- ʘ ?P? ʗ
͠੬ऑੑ͕͋ͬͨΒ ใ͕ྲྀग़ͨ͠߹ʹاۀଘଓͷةػʹͭͳ͕Γ͔Ͷͳ͍ɻ ใॲཧਪਐػߏʢ*1"ʣ42-ΠϯδΣΫγϣϯʹΑΔඃ͔Β ͷ෮چίετԯԁΛ͑͏Δͱ͓ͯ͠Γɺ࣮ࡍʹαϯυϋ εͷࣄྫͰิঈͷΈͰ໊ʹԁ૬ͷظݶ ͖ΫϨδοτΛෛ୲͍ͯ͠Δɻิঈͷ΄͔ʹઐՈʹΑΔௐ ࠪɺγεςϜͷೖΕସ͑ɺސ٬ରԠɺҰ࣌ดʹΑΔӦۀػձͷ ҳࣦɺ෩ධඃͱ͍ͬͨෛ୲͕͋Γɺ42-ΠϯδΣΫγϣϯؚ ΊηΩϡϦςΟରࡦݫີʹߦ͏͖Ͱ͋Δɻ IUUQKBXJLJQFEJBPSHXJLJ42-ΠϯδΣΫγϣϯ
੬ऑੑͷछྨ ʰಙؙຊʱQ
ΠϯδΣΫγϣϯܥ ʰಙؙຊʱQ 42-ΠϯδΣΫγϣϯ੬ऑੑ͕ൃੜ͢ΔݪҼɺͱͱʮσʔλʯΛఆ͠ ͍ͯΔͱ͜ΖʹγϯάϧΫΥʔτʮʯΛͬͯσʔλ෦ΛऴΘΒͤɺ42- จͷߏΛมԽͤͨ͞ͱ͜Ζʹ͋Γ·͢ɻ͜ͷݪཧଞͷΠϯδΣΫγϣϯܥ ੬ऑੑͰಉ͡Ͱ͢ɻσʔλͷதʹҾ༻ූσϦϛλͳͲʮσʔλͷऴʯΛ ࣔ͢ϚʔΫΛࠞೖͤͯ͞ɺͦͷޙͷจࣈྻͷߏΛมԽͤ͞ΔͷͰ͢ɻ
ݪཧ ‣94442-ΠϯδΣΫγϣϯɺ ى͜Δݪཧಉ͡ ‣)5.-ʹͤΑ42-ʹͤΑɺ8FCΞ ϓϦͷมͱ·ͬͨ͘ผͷϧʔϧ ʹΑͬͯߏங͞ΕΔจࣈྻ ‣ͦΕΒͷੈքͷϧʔϧΛཚ͞ͳ͍Α ͏ʹҙ͢Δඞཁ͕͋Δͱ͍͏Ͱಉ ͡
ݩʑɺ)5.-Λग़ྗ͢Δͱ͖ɺͦͷग़ྗશମʹରͯ͠ʮʯʮʯʮʯͷ Τεέʔϓॲཧͷݕ౼͕ཁٻ͞Ε͍ͯΔͷͰ͋ͬͯɺ$(*ೖྗʹґଘ͍ͯ͠Δ ͔Ͳ͏͔ແؔͰ͋Δɻͦ͜ͷߟ͑ํʹʮແಟԽʯͩͷʮແԽʯͩͷʮফ ಟʯͩͷʮαχλΠζʯͩͷʮαχλΠδϯάʯͩͷͱ͍͏ʢ࠷ۙྲྀߦͷʣൃ ग़ͯ͜ͳ͍ɻ ʮαχλΠζݴ͏ͳΩϟϯϖʔϯʯͱԿ͔ http://takagi-hiromitsu.jp/diary/20051227.html#p02 ݪཧ
ೖྗͷݕূʁ ‣όϦσʔγϣϯΞϓϦతʹॏཁ ‣ͨͩ͠ɺͦΕΞϓϦͷ༷ͷ Ͱ͋ͬͯɺ42-ΠϯδΣΫγϣϯͱ ؔͳ͍ ‣݁Ռతʹཱͭ͜ͱ͋Δ͚ͩ
αχλΠζʁ ‣͍͏ͳ CZͻΖΈͪΎઌੜ ‣Ͳ͏ͤ࿙ΕΔ ‣લड़ͷ௨Γɺҧ͏ϧʔϧͷจࣈྻΛ ࡞͠Α͏ͱ͍ͯ͠Δͷ͔ͩΒʮԚ છʯ͞ΕͯΑ͏͕ͳΜͩΖ͏͕ɺશͯ దʹॲஔ͢Δ͖
҉ͷલఏΛආ͚Δ ‣$entry->user_idʹ͔͋͠Γಘͳ͍ ͱ͍͏લఏʹཔΒͳ͍ ‣ͦΕ͕ຊʹͦ͏͔ͳΜͯΘ͔Βͳ͍͠ɺ Βͳ͍ؒʹલఏ͕มΘΔ͔͠Εͳ͍ ‣ੲ͋ͬͨmagic_quotes_gpc=onͱ͔֎ "select * from user
where user_id = " . $entry->user_id
είʔϓΛڱΊΔ ‣มͷείʔϓͰ͖Δ͚ͩڱ͍ํ͕Α͍ͱ ͍͏ϓϩάϥϛϯάͷݪଇΛద༻ ‣άϩʔόϧมΛͰ͖Δ͚ͩආ͚Δ͖Ͱ͋ Δͷͱಉ༷ ‣ۙͷίʔυͷΈͰ҆શੑΛ֬ೝͰ͖Δํ͕ Α͍ ‣ίʔυ͔Βԕ͘ΕͨॴͰอূ͞Ε͍ͯΔ ͔͠Εͳ͍ ͜ͱʹͨΑͬͯॲཧΛม͑Δ
͖Ͱͳ͍
ग़ྗͷۙͰॲஔ ‣ϓϩάϥϜͷม ϢʔβೖྗͰ%#͔Β ͖ͨͷͰͳΜͰ ͱ)5.-42-Λ݁߹ ͢Δࡍʹɺͦͷ݁߹ͷۙͰɺ)5.-42- ͷϧʔϧʹ߹ΘͤͨͳΜΒ͔ͷॲஔΛࢪ͢ ‣)5.-ͳΒhtmlspecialchars($str, ENT_QUOTES)͢Δ͠ɺ42-ͳΒϓϨʔεϗϧ μΛ͏ͳͲ
42-ΠϯδΣΫγϣϯͷࠜຊతղܾͷجຊόΠϯυػߏΛ༻͢Δ͜ͱͰ͢ ͕ɺԿΒ͔ͷཧ༝ʹΑΓόΠϯυػߏͰ࣮Ͱ͖ͳ͍߹ɺΤεέʔϓॲཧ ʹΑΔରࡦࠜຊతղܾͷҰͭʹͳΔͱ͍ͯ͠·͢ɻ͔͠͠ɺ্ͷҾ༻෦ʹ ͋ΔΑ͏ʹɺ42-ʹͱͬͯಛผͳҙຯΛ࣋ͭه߸ʢϝλจࣈʣɺσʔλϕʔ εΤϯδϯʹΑͬͯҟͳΔͷͰ͋ΓɺڥʹԠͯ͡ରࡦ͢Δඞཁ͕͋Γ· ͢ɻ ʰ҆શͳΣϒαΠτͷ࡞Γํผɿʮ҆શͳ42-ͷݺͼग़͠ํʯʱQ ݪଇ
mysql_queryؔ ‣ඇਪͰ͢ ‣Θͳ͍Α͏ʹ $sql = vsprintf( "SELECT * FROM user
WHERE uid = %d AND provider = '%s'", array_map('mysql_real_escape_string', array($uid, $provider)) ); $result = mysql_query($sql);
1&"3%# $result = $db->query( "SELECT * FROM user WHERE uid
= ? AND provider = ?", array($uid, $provider) ); ‣։ൃఀࢭ͍ͯ͠·͢ ‣Θͳ͍Α͏ʹ
1%0 ‣ʮ1%0ʹ͓͚ΔҰԠͷ҆શએݴͱΔ ʯIUUQCMPHUPLVNBSVPSH QEPIUNMΑΓվมͷ্ܝࡌ $dbh = new PDO('mysql:host=hostname;dbname=dbname;charset=utf8', “user”, “pass”);
// ੩తϓϨʔεϗϧμΛࢦఆ $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); $sth = $dbh->prepare("SELECT * FROM user WHERE uid =? AND provider = ?"); $sth->setFetchMode(PDO::FETCH_NUM); $sth->bindParam(1, $uid, PDO::PARAM_INT); $sth->bindParam(2, $provider, PDO::PARAM_STR); $sth->execute();
1&"3.%# ‣ʰಙؙຊʱQΑΓɺվมͷ্ܝࡌ header('Content-Type: text/html; charset=UTF-8'); $mdb2 = MDB2::connect('mysql://user:pass@hostname/dbname? charset=utf8'); $sql
= "SELECT * FROM user WHERE id = ? AND provider = ?"; $stmt = $mdb2->prepare($sql, array($uid, $provider)); $rs = $stmt->execute(array($author));
ԿΛ͍͍͑ͷʁ ‣1)1Ҏલͷ1%0จࣈίʔυ·ΘΓ Ͱ͍Ζ͍Ζ໘ ‣1&"3.%#Λ͏ͷ͕ແͦ͏ ‣͍ͣΕʹͤΑɺͪΌΜͱจࣈίʔυΛࢦఆ͠ ·͠ΐ͏ ‣ৄ͘͠ʮ1%0ʹ͓͚ΔҰԠͷ҆શએݴͱ ΔʯIUUQCMPHUPLVNBSVPSH QEPIUNMࢀরͷ͜ͱ
·ͱΊ ‣ม͕Ͳ͏͍͏Ͱ͋Δ͔ʹؔΘΒͣɺม ͷΛؚΉ42-ΛΈཱͯΔ߹ɺඞͣϓ ϨʔεϗϧμʔΛ͏ͳΓɺΤεέʔϓ͢Δͳ Γ͢Δ લऀɺಛʹ੩తϓϨʔεϗϧμΛ͏ ‣҉ͷલఏʹͨΑΒͣɺ҆શੑΛۙͰ֬ೝ Ͱ͖ΔΑ͏ʹ͢Δ ‣42-ΠϯδΣΫγϣϯʹݶΒͣɺಉ༷ͷΠϯ δΣΫγϣϯܥ੬ऑੑ
લड़ Ͱಉ༷
੩తϓϨʔεϗϧμʹؔ͢Δิ https://twitter.com/tokuhirom/status/253499819136520193 https://twitter.com/tokuhirom/status/253501614747439104 ‣ϝϞϦΛແବʹফඅ ͢Δͱ͍͏ʁ ‣ΫϥΠΞϯτ͕ͪΌ Μͱεςʔτϝϯτϋ ϯυϥΛ։์ͯ͠Ε ͳ͍ʁ ‣IUUQCMPHFWFSRVFVFDPN
DIJCB
༨ஊ ಙؙઌੜʹ͓͖͍͖ͨͩ·ͨ͠ https://twitter.com/ockeghem/status/253128283795886080
ࢀߟจݙ ‣ʮαχλΠζݴ͏ͳΩϟϯϖʔϯʯͱԿ͔ ‣IUUQUBLBHJIJSPNJUTVKQEJBSZIUNMQ ‣ʰମܥతʹֶͿ҆શͳ8FCΞϓϦέʔγϣϯ ͷ࡞Γํʱ ಙؙߒɾஶ ‣IUUQXXXTCDSKQQSPEVDUTIUNM ‣ʰ҆શͳΣϒαΠτͷ࡞Γํผʮ҆શͳ 42-ͷݺͼग़͠ํʯʱ ‣IUUQXXXJQBHPKQTFDVSJUZWVMOEPDVNFOUT
XFCTJUF@TFDVSJUZ@TRMQEG