1. Introduction to SQL injection
SQL injection occurs when a web program does not validate the user's input data, which allows illegal operations to be carried out without the administrator's knowledge. By submitting database query code, the attacker can use the results the program returns to obtain information in the database. SQL injection attacks put the database at risk, including bulk data harvesting, database dumping, and credential stuffing. It is currently one of the most dangerous Web application vulnerabilities.
2. Common injection types and methods
Classified by data type, injection can be divided into numeric and character (string) types. By submission method, it is mainly divided into GET, POST, and Cookie injection. By execution effect, the common kinds are error-based injection, UNION query injection, and blind injection; blind injection can be further divided into boolean-based and time-based. It can be seen from the query statement that this is a character-type injection, and it is also a GET-type injection and a form injection.
The numeric injection query statement is: select * from user where id=1. The character injection query statement is: select * from user where search like '%1%'.
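The two query shapes above, written once by string concatenation and once with bound parameters, as an added example that is not code from the original post. It assumes Python's sqlite3 with a constructed in-memory `user` table; the function names are hypothetical, and the test input `1'` is the single-quote probe described in section 3.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names follow the queries in section 2.
    db = sqlite3.connect(":memory:")
    db.execute("create table user (id integer primary key, search text)")
    db.executemany("insert into user (id, search) values (?, ?)",
                   [(1, "room 1"), (2, "room 21"), (3, "o'neil")])
    return db

def search_concat(db, term):
    # Vulnerable: the input is spliced into the SQL text, so a quote alters the statement.
    sql = "select * from user where search like '%" + term + "%'"
    try:
        return db.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        # Returning the raw database error to the client confirms the flaw to whoever sent it.
        return None, str(exc)

def search_param(db, term):
    # Hardened: the value is bound as data; LIKE wildcards in the input are escaped.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "select * from user where search like ? escape '\\'"
    return db.execute(sql, ("%" + escaped + "%",)).fetchall()

def get_by_id(db, raw_id):
    # Number type: accept only ASCII digits, then bind the integer.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    return db.execute("select * from user where id = ?", (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(search_concat(db, "1'"))   # (None, <syntax error text>)
    print(search_param(db, "1'"))    # [] : the quote is treated as data
    print(get_by_id(db, "1"))
```

With the concatenated form the quote breaks the statement and the database error comes back; with bound parameters the same input is only a search string that matches nothing.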
3. An interesting bug-hunting process
I went to a hospital for a penetration test. In the evening, back at the hotel, I was idle and bored, so I turned my attention to one of the Web systems placed on the public network and tested it. After logging in to the system as an ordinary user, I got started, and in the end I found quite a few vulnerabilities. Here I will talk about the SQL injection among them. Normally you look for the injection point first; I looked for an injection point in the URL, and the attempt failed. So I tried adding data to see whether there was a stored XSS, and the pop-up appeared without any trouble.
Unwilling to give up, I tried again to see whether there was an injection here. I entered 1' in the field for adding a user name and used bp to capture the packet and view the returned parameters.
To my surprise, the error was returned successfully and was not filtered out; the returned information was an SQL syntax error for the input. There is an injection. Next, I captured the POST packet directly, copied it, and saved it in 123.txt. Then I ran it directly with sqlmap, which revealed the following two databases.
Next, I selected the database named jncrb and dumped it. After a long wait it finally finished, and 167 tables came out.
Next, you can get the information stored in the database. From this we can see that the harm of SQL injection is very great. This is the end of the process. Thank you for watching.