Bypass login authentication: use a universal password to log in to the website's back end
Access to sensitive data: obtain web administrator accounts, passwords, etc.
File system operations: list directories, read and write files
Registry operations: read, write, delete, etc. in the registry
System command execution: remote command execution
Ways to determine whether an HTTP request is vulnerable to SQL injection:
Classic: and = | and 2 > 1 | or 1 = 1 | or 1 < 1
Database functions: and sleep(4) = 1 | and length(user()) > 3
SQL injection categories
Numeric injection: the input parameter is an integer
Character injection: the input parameter is a string
Search injection: the search parameter is not filtered when data is searched. The link address generally contains "keyword = keyword"; in some cases it does not appear in the link address and is submitted directly through the search form.
Causes of SQL injection vulnerabilities
Dynamic string building
Incorrect handling of escape characters (wide-byte injection)
Incorrect error handling (information disclosure through error messages)
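
The first cause, dynamic string building, shown beside the parameterized form for the numeric and search parameter types listed above. This is an added example, not code from the original page; the articles table, its rows and the function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table with two rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "intro"), (2, "internal notes")])
    return db

def find_concat(db, article_id):
    # Vulnerable: dynamic string building makes the input part of the SQL text,
    # so "1 or 1 = 1" changes the WHERE clause instead of being compared as a value.
    sql = "SELECT title FROM articles WHERE id = " + article_id
    return [row[0] for row in db.execute(sql)]

def find_bound(db, article_id):
    # Numeric parameter: enforce the integer type, then bind it as data.
    try:
        value = int(article_id)
    except ValueError:
        return []  # rejected without exposing any database error text
    return [row[0] for row in db.execute(
        "SELECT title FROM articles WHERE id = ?", (value,))]

def search_bound(db, keyword):
    # Search parameter: bound as data, with the LIKE wildcards % and _ escaped
    # so the keyword is matched literally.
    esc = keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return [row[0] for row in db.execute(
        "SELECT title FROM articles WHERE title LIKE ? ESCAPE '\\'",
        ("%" + esc + "%",))]

if __name__ == "__main__":
    db = make_db()
    print(find_concat(db, "1 or 1 = 1"))    # every row comes back
    print(find_bound(db, "1 or 1 = 1"))     # input rejected
    print(search_bound(db, "' or 1 = 1 --"))  # treated as a literal keyword
```

The same classic test string that alters the concatenated query has no effect once the value is type-checked and bound, which is also a quick regression check to keep in a test suite.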