360 Network Security study notes --SQL injection (b)

SQL injection hazards

Bypass login authentication: use a "universal password" (a payload such as ' or '1'='1 in the login form) to get into the site's admin backend

Access sensitive data: read web administrator accounts, password hashes, etc.

File system operations: list directories, read and write files (e.g. MySQL load_file() / SELECT ... INTO OUTFILE)

Registry operations: read, write and delete registry keys (e.g. via MSSQL extended stored procedures such as xp_regread)

Operating system command execution: remote command execution (e.g. MSSQL xp_cmdshell)

 

Ways to determine whether a parameter of an HTTP request is vulnerable to SQL injection:

Classic boolean tests: and 1=1 | and 2>1 | or 1=1 | or 1<1, comparing the response against the response to the unmodified request (a true condition should reproduce the normal page, a false one should change it)

Database functions: and sleep(4)=1 | and length(user())>3 (time-based and boolean-based tests, MySQL syntax)

 

SQL injection categories

Numeric injection: the input parameter is an integer and is concatenated into the query unquoted, so the payload can follow the number directly

Character injection: the input parameter is a string and sits inside quotes, so the payload must first close the quote (and usually comment out or re-open it at the end)

Search injection: the search parameter is not filtered before it is used in the search. The link usually contains "keyword=keyword"; some sites do not show it in the address bar and submit it directly through the search form instead.
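The boolean tests listed above and the numeric/character/search distinction, as an added worked example that is not part of the original notes. It builds a constructed SQLite in-memory table, three deliberately vulnerable lookups (numeric, character, search) and one parameterised lookup, then runs the classic `and 1=1` / `and 1=2` pair against each. Two things to notice: a numeric payload is inert against a quoted string parameter (and vice versa), which is why the category has to be identified first, and the parameterised query fails the probe because the driver never lets the payload reach the parser. The sleep()-based time test is MySQL-specific and is not shown.

```python
import sqlite3

# Constructed sample database for the demonstration (not from the original notes).
conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price INTEGER);
INSERT INTO products VALUES (1, 'apple', 3), (2, 'pear', 4), (3, 'melon', 9);
""")


def numeric_lookup_vulnerable(product_id: str) -> list:
    """Numeric injection: the parameter is concatenated unquoted."""
    sql = f"SELECT name FROM products WHERE id = {product_id}"
    return [row[0] for row in conn.execute(sql)]


def character_lookup_vulnerable(name: str) -> list:
    """Character injection: the parameter sits inside single quotes."""
    sql = f"SELECT name FROM products WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def search_vulnerable(keyword: str) -> list:
    """Search injection: the keyword lands inside a LIKE pattern unfiltered."""
    sql = f"SELECT name FROM products WHERE name LIKE '%{keyword}%'"
    return [row[0] for row in conn.execute(sql)]


def numeric_lookup_safe(product_id: str) -> list:
    """Parameterised version: the value travels separately from the SQL text."""
    sql = "SELECT name FROM products WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (product_id,))]


def boolean_probe(lookup, true_payload: str, false_payload: str, baseline: str) -> bool:
    """Classic test: append a true condition and a false condition to a known-good
    value. The parameter looks injectable when the true condition reproduces the
    normal result and the false condition changes it."""
    normal = lookup(baseline)
    with_true = lookup(baseline + true_payload)
    with_false = lookup(baseline + false_payload)
    return with_true == normal and with_false != normal


if __name__ == "__main__":
    # Numeric parameter: payload follows the number directly.
    print("numeric vulnerable:", boolean_probe(numeric_lookup_vulnerable, " and 1=1", " and 1=2", "2"))
    # Character parameter: payload has to close the quote first.
    print("character vulnerable:", boolean_probe(character_lookup_vulnerable, "' and '1'='1", "' and '1'='2", "pear"))
    # Wrong category: a numeric payload against a quoted parameter just becomes part of the string.
    print("numeric payload on character param:", boolean_probe(character_lookup_vulnerable, " and 1=1", " and 1=2", "pear"))
    print("search injection dumps everything:", search_vulnerable("' or '1'='1"))
    print("parameterised query:", boolean_probe(numeric_lookup_safe, " and 1=1", " and 1=2", "2"))
```

The probe only compares result sets; against a real site you compare the rendered page (length, a known string, or the HTTP status) in the same way.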

Why SQL injection vulnerabilities arise

Dynamic string building: the query is assembled by concatenating user input into SQL text

Incorrect escaping of characters (wide-byte injection: with a multi-byte charset such as GBK, an injected byte can combine with the escaping backslash into one character, leaving the quote unescaped)

Incorrect error handling (database error messages are shown to the user and disclose information)

Incorrect handling of UNION queries

Incorrect handling of multiple submissions (second-order injection: the input is stored safely on the first submission, then read back and concatenated into a later query)
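The last cause in the list, second-order injection, as an added worked example that is not part of the original notes. It uses a constructed SQLite user table and a hypothetical two-stage flow: registration escapes quotes, so the INSERT is safe and the name `admin'-- ` is stored literally; the password-change handler later reads the logged-in name back from the database, trusts it, and concatenates it into an UPDATE, at which point the stored quote and comment marker take effect and the attacker resets the real admin's password. The parameterised handler is shown beside it for comparison.

```python
import sqlite3

# Username the attacker registers. The quote is stored literally; the trailing
# space after "--" is what MySQL requires for a comment and is harmless in SQLite.
ATTACKER_NAME = "admin'-- "


def fresh_db() -> sqlite3.Connection:
    """Constructed sample data (not from the original notes)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
    CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT);
    INSERT INTO users VALUES ('admin', 'S3cret!'), ('alice', 'alice123');
    """)
    return conn


def register(conn, username: str, password: str) -> None:
    """Stage 1: quotes are escaped, so this INSERT is not injectable.
    The escaping only protects this statement; the stored value still
    contains the raw quote."""
    safe_name = username.replace("'", "''")
    safe_pw = password.replace("'", "''")
    conn.execute(f"INSERT INTO users VALUES ('{safe_name}', '{safe_pw}')")


def current_user(conn, username: str) -> str:
    """Simulates the app loading the logged-in user's name from the database."""
    row = conn.execute("SELECT username FROM users WHERE username = ?", (username,)).fetchone()
    return row[0]


def change_password_vulnerable(conn, username: str, new_password: str) -> None:
    """Stage 2 (vulnerable): the name read back from the DB is trusted and
    concatenated. With ATTACKER_NAME the WHERE clause becomes
    username = 'admin'-- ' and the rest of the line is a comment."""
    sql = f"UPDATE users SET password = '{new_password}' WHERE username = '{username}'"
    conn.execute(sql)


def change_password_safe(conn, username: str, new_password: str) -> None:
    """Stage 2 (fixed): parameterised, so the stored quote is just data."""
    conn.execute("UPDATE users SET password = ? WHERE username = ?", (new_password, username))


def password_of(conn, username: str) -> str:
    return conn.execute("SELECT password FROM users WHERE username = ?", (username,)).fetchone()[0]


def run(change_password) -> dict:
    """Registers the attacker, changes 'their own' password through the given
    handler, and reports who actually got the new password."""
    conn = fresh_db()
    register(conn, ATTACKER_NAME, "attacker")
    name = current_user(conn, ATTACKER_NAME)   # comes back as admin'--  (unescaped)
    change_password(conn, name, "pwned")
    return {"admin": password_of(conn, "admin"), "attacker": password_of(conn, ATTACKER_NAME)}


if __name__ == "__main__":
    print("vulnerable handler:", run(change_password_vulnerable))
    print("parameterised handler:", run(change_password_safe))
```

The fix is not "escape on input" but "parameterise every query", including queries whose inputs come from the database rather than from the request.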

Manual SQL injection process

(1) Determine whether an injection point exists

(2) Determine the number of columns in the query (field count), e.g. with ORDER BY n

(3) Determine which columns are echoed on the page, e.g. with UNION SELECT

(4) Gather database information (version, current user, current database)

(5) Find the database name

(6) Find the table names

(7) Find the column names and dump the values of the target table

(8) Crack the recovered account password (hash)

(9) Log in to the administrator backend


Origin www.cnblogs.com/z6h6a6zuhya/p/12655863.html