
基本社工查询(数据+代码)

作者:  发布日期:2013-10-24 11:09:20
Tag标签:社工查询  
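  • CREATE TABLE IF NOT EXISTS `users` ( 
      `id` int(10) unsigned NOT NULL AUTO_INCREMENT, 
      -- Named `username` because the query code on this page filters on and
      -- prints `username`; the listing spelled this column `unamename`, which
      -- that query could not have matched.
      `username` char(20) NOT NULL DEFAULT '', 
      -- NOTE(review): 32 characters is the length of a hex-encoded MD5 digest;
      -- presumably that is what is stored here, confirm against the data.
      `password` char(32) NOT NULL DEFAULT '', 
      `email` char(30) NOT NULL DEFAULT '', 
      `salt` char(30) NOT NULL DEFAULT '', 
      PRIMARY KEY (`id`) 
    ) ENGINE=MyISAM DEFAULT CHARSET=gbk;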

    数据库结构

    查询代码

     

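    <html>

    <head>
    <meta charset="utf-8">
    <title>社工库查询</title>
    </head>

    <body>
    <div align="center"><b>社工社工库查询</b></div>
    <br>
    <br>
    <br>
    <br>
    <?php /* PHP_SELF carries any path info the client appended to the URL, so it is HTML-escaped and the attribute is quoted. */ ?>
    <div align="center"><form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" method="post">
    请输入帐号:<input type="text" name="search">
    <input type="submit" name="submit" value="社吧">
    <input type="reset" name="submit2" value="重新输入">
    </form></div>

    <?php
    // Lookup page: reads an account name or e-mail address from the POST form
    // above and lists the matching rows of the `users` table.
    //
    // Request data reaches the database only as bound parameters, and every
    // value written into the page is HTML-escaped at the point of output.
    // Pattern matching on request data (sqlin.php) is not what makes the query
    // safe; parameter binding is.

    require ("sqlin.php");
    // sqlin.php must be in the same directory.

    // Flags shared by every htmlspecialchars() call below. ENT_SUBSTITUTE keeps
    // invalid byte sequences from turning the whole value into an empty string.
    $escFlags = ENT_QUOTES | ENT_SUBSTITUTE;

    $rows = array();
    $notice = '';

    // The parameter may be absent (plain GET) or an array (search[]=...);
    // only a non-empty string is accepted as a search term.
    $search = isset($_POST['search']) ? $_POST['search'] : '';

    if (!is_string($search) || $search === '') {
        $notice = "搜索不能为空";
    } else {
        // Report failures through return values so they can be logged here
        // instead of surfacing as warnings or exceptions in the page.
        mysqli_report(MYSQLI_REPORT_OFF);

        // localhost = database host, root = database user, "" = password,
        // 7log = database name.
        // NOTE(review): this connects as root with an empty password. Use a
        // dedicated account limited to SELECT on this table, and load the
        // credentials from configuration kept outside the web root.
        $link = mysqli_connect("localhost", "root", "", "7log");
        $done = false;

        if ($link) {
            // The table is stored as gbk; asking for utf8mb4 on the connection
            // makes the server convert results to the encoding this page
            // declares. Assumes this file itself is saved as UTF-8.
            mysqli_set_charset($link, "utf8mb4");

            // Explicit column list: the primary key column of the users table
            // is `id` (the listing read a `userid` key that the table does not
            // provide). Column names must match the table definition.
            $stmt = mysqli_prepare(
                $link,
                "SELECT id, username, password, email FROM users WHERE username = ? OR email = ?"
            );

            if ($stmt) {
                mysqli_stmt_bind_param($stmt, "ss", $search, $search);
                if (mysqli_stmt_execute($stmt)) {
                    mysqli_stmt_bind_result($stmt, $id, $username, $password, $email);
                    while (mysqli_stmt_fetch($stmt)) {
                        $rows[] = array(
                            'id' => $id,
                            'username' => $username,
                            'password' => $password,
                            'email' => $email,
                        );
                    }
                    $done = true;
                }
                mysqli_stmt_close($stmt);
            }

            if (!$done) {
                // Details go to the server log only, never into the response.
                error_log("lookup: query failed: " . mysqli_error($link));
            }

            // Always release the connection.
            mysqli_close($link);
        } else {
            error_log("lookup: database connection failed: " . mysqli_connect_error());
        }

        if (!$done) {
            $notice = "查询失败";
        }
    }
    ?>

    <?php if ($notice !== '') { ?>
    <div align="center"><?php echo htmlspecialchars($notice, $escFlags, 'UTF-8'); ?></div>
    <?php } else { ?>
    <div align="center"><table>
        <tr height="20">
        <td width="10%">id</td>
        <td width="25%">帐号</td>
        <td width="45%">密码</td>
        <td width="25%">邮箱</td>
        </tr>

    <?php foreach ($rows as $row) { ?>
        <tr>
        <td width="10%"><?php echo htmlspecialchars((string) $row['id'], $escFlags, 'UTF-8'); ?></td>
        <td width="25%"><?php echo htmlspecialchars($row['username'], $escFlags, 'UTF-8'); ?></td>
        <td width="45%"><?php echo htmlspecialchars($row['password'], $escFlags, 'UTF-8'); ?></td>
        <td width="25%"><?php echo htmlspecialchars($row['email'], $escFlags, 'UTF-8'); ?></td>
        </tr>
    <?php } ?>

    </table></div>
    <?php } ?>

    </body>
    </html>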

    sqlin.php


    //Code By F4ck Team 
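    /**
     * Error handler: records the error and stops the request.
     *
     * The file path and line number are written to the server error log rather
     * than echoed, so the response does not reveal where the application lives
     * on disk. Only the numeric error level is shown to the client.
     *
     * @param int    $errno   Error level reported by PHP.
     * @param string $errstr  Error message.
     * @param string $errfile File in which the error was raised.
     * @param int    $errline Line on which the error was raised.
     */
    function customError($errno, $errstr, $errfile, $errline)
    {
        error_log("customError [$errno] $errstr in $errfile on line $errline");
        echo "Error number: [$errno]";
        die();
    }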
    // Installs customError for the E_ERROR level only.
    // NOTE(review): E_ERROR is one of the levels PHP does not hand to
    // user-defined handlers, so with this mask customError is not expected to
    // run at all. Confirm which level was intended.
    set_error_handler("customError",E_ERROR); 
    // Blacklist patterns, one per request source. Each is a PCRE body that
    // StopAttack() wraps in /.../is and matches against the parameter value.
    // Pattern matching on request data is not a substitute for bound query
    // parameters and context-aware output escaping: of the three patterns,
    // only $getfilter has an alternative for a single quote.
    $getfilter="'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"; 
    // Applied to $_POST values.
    $postfilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"; 
    // Applied to $_COOKIE values.
    // NOTE(review): unlike the other two patterns, the script alternative here
    // has no leading "<", so any cookie value containing the word "script"
    // after optional whitespace matches. The "<" may have been lost when the
    // listing was published; confirm against the original file.
    $cookiefilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"; 
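    /**
     * Stop the request when a parameter value matches a blacklist pattern.
     *
     * Array values are flattened to their leaf values before matching, at any
     * depth. Joining with implode() alone turned every nested array into the
     * literal text "Array" (with a notice), so nested values were never
     * inspected.
     *
     * Only the value is matched; the key is accepted for the caller's benefit
     * and is not inspected. A preg_match() failure (return value false) is
     * treated as "no match", as before.
     *
     * This is a coarse secondary filter. Code that builds queries or HTML must
     * still bind parameters and escape output itself.
     *
     * @param string       $StrFiltKey   Name of the request parameter.
     * @param string|array $StrFiltValue Value of the request parameter.
     * @param string       $ArrFiltReq   PCRE body, without delimiters.
     * @return void Returns normally when nothing matches; otherwise prints a
     *              notice and ends the script.
     */
    function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq){
        if (is_array($StrFiltValue)) {
            $leaves = array();
            array_walk_recursive($StrFiltValue, function ($leaf) use (&$leaves) {
                $leaves[] = (string) $leaf;
            });
            // Same empty glue as before, so flat arrays produce the same text.
            $StrFiltValue = implode($leaves);
        }

        if (preg_match("/".$ArrFiltReq."/is", $StrFiltValue) == 1) {
            // Logging is left disabled, as in the published listing, where the
            // slog call was commented out and only its argument remained as a
            // no-op expression. slog() appends to an .htm file under the
            // document root, so request data must not be passed to it raw.
            print "F4ck Team notice:Illegal operation!";
            exit();
        }
    }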
    // Runs every GET, POST and cookie parameter through StopAttack() with the
    // pattern for its source. The key is passed along, but StopAttack() matches
    // the pattern against the value only, so parameter names are not checked.
    //$ArrPGC=array_merge($_GET,$_POST,$_COOKIE); 
    foreach($_GET as $key=>$value){ 
    StopAttack($key,$value,$getfilter); 
    } 
    foreach($_POST as $key=>$value){ 
    StopAttack($key,$value,$postfilter); 
    } 
    foreach($_COOKIE as $key=>$value){ 
    StopAttack($key,$value,$cookiefilter); 
    } 
    // Refuses to continue while a file named sqlin.php exists; the message asks
    // the operator to rename it. The path is relative, so it is resolved against
    // the current working directory of the request, not against this file.
    // NOTE(review): the query page requires this file under exactly that name
    // from the same directory, so as published this guard would end every
    // request to that page. Confirm the intended deployment.
    if (file_exists('sqlin.php')) { 
    echo "请重命名文件sqlin.php,防止黑客利用 
    "; 
    die(); 
    } 
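    /**
     * Append one entry to log.htm under the document root.
     *
     * The entry is HTML-escaped before it is written: the log is an .htm file
     * that a browser renders, and entries are built from request data, so raw
     * markup in an entry would run in the browser of whoever opens the log.
     * ENT_SUBSTITUTE keeps entries with invalid byte sequences from being
     * written as empty lines.
     *
     * NOTE(review): the file sits inside the web root and can be fetched by
     * anyone who knows the URL. Moving it outside the document root, or denying
     * access to it in the server configuration, is the better fix; the path is
     * left unchanged here so existing deployments keep working.
     *
     * @param string $logs Text of the entry.
     * @return void
     */
    function slog($logs)
    {
        $toppath = $_SERVER["DOCUMENT_ROOT"]."/log.htm";
        $entry = htmlspecialchars((string) $logs, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."\r\n";

        // One locked append instead of fopen/fputs/fclose, so a failed open is
        // reported rather than passed on to fputs() as false.
        if (file_put_contents($toppath, $entry, FILE_APPEND | LOCK_EX) === false) {
            error_log("slog: could not write to ".$toppath);
        }
    }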
    ?

     
