1. Introduction to SQL injection

SQL injection occurs when a web program does not check the validity of the user's input data, which allows illegal operations to be carried out without the administrator's knowledge. By submitting database query code and reading the results the program returns, the attacker can obtain the information in the database. SQL injection attacks put the database at risk, including data scraping, database dumping and credential stuffing. It is one of the most dangerous web application vulnerabilities at present.

2. Common injection types and methods

By data type, injection is divided into numeric and string (character) injection. By submission method, it is mainly divided into GET, POST and Cookie injection. By execution effect, the common kinds are error-based injection, UNION query injection and blind injection; blind injection is further divided into boolean-based and time-based injection. It can be seen from the query statement that this is string injection, and it is also GET injection and form injection.
The numeric injection query statement is: select * from user where id=1. The string injection query statement is: select * from user where search like '%1%'.
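
The two query shapes above, as an added example that is not from the original post: each is built first by string concatenation and then with bound parameters in Python's sqlite3, and both are given the 1' test input. The sample rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the page's queries.
    db = sqlite3.connect(":memory:")
    db.execute("create table user (id integer primary key, search text)")
    db.executemany("insert into user values (?, ?)",
                   [(1, "ward 1"), (2, "ward 2"), (3, "100% done")])
    return db

def find_by_id_concat(db, raw_id):
    # Vulnerable numeric form: the input becomes part of the SQL text.
    return db.execute("select * from user where id=" + raw_id).fetchall()

def find_by_search_concat(db, term):
    # Vulnerable string form: a quote in the input ends the literal early.
    sql = "select * from user where search like '%" + term + "%'"
    return db.execute(sql).fetchall()

def find_by_id(db, raw_id):
    # Numeric parameter: check the type first, then bind the value.
    try:
        value = int(raw_id)
    except ValueError:
        return []
    return db.execute("select * from user where id=?", (value,)).fetchall()

def find_by_search(db, term):
    # Escape LIKE wildcards so the term matches literally, then bind it.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "select * from user where search like ? escape '\\'"
    return db.execute(sql, ("%" + escaped + "%",)).fetchall()

def syntax_error_from(fn, db, value):
    # Returns the database error text if the query breaks, else None.
    try:
        fn(db, value)
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None
```

With concatenation the quote reaches the SQL parser and produces a syntax error, the same symptom described in section 3; with binding it is compared as plain data and no row matches.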

3. An interesting bug-hunting process

I went to a hospital to do a penetration test. In the evening, back at the hotel, I was idle and bored, so I turned my attention to one of the web systems placed on the public network and tested it. After logging in to the system as an ordinary user, I started working, and in the end quite a few vulnerabilities were found. Here I will talk about the SQL injection among them. The injection point is usually found first; I looked for an injection point in the URL, and the attempt failed. So I tried adding data to see whether there was a stored XSS, and the pop-up appeared very smoothly.

Not willing to give up, I tried again to see whether there was any injection here: I entered 1' in the field where the user name is added, and used bp (Burp Suite) to capture the packets and view the returned parameters.

To my surprise, the error was triggered successfully and had not been filtered out; the information returned was that the input caused a SQL syntax error. There is an injection. Next, I copied the captured POST packet directly and stored it in 123.txt. Then I ran sqlmap on it directly, and the following two databases were revealed.

Next, I selected the database named jncrb and enumerated it. After a long wait it finally finished, and it revealed 167 tables.

Next, the information stored in the database can be obtained. From this we can see that the harm of SQL injection is very great. This is the end of the process. Thank you for reading.

©2019-2020 Toolsou All rights reserved,