Brief description of SQL injection vulnerability

What is an SQL injection vulnerability?

Baidu's explanation:

SQL injection means that a web application does not check the legality of user-supplied data, or filters it loosely. An attacker can then append extra SQL statements to the query defined by the web application, without the administrator's knowledge, and trick the database server into performing unauthorized queries in order to obtain the corresponding data.

My own understanding of the root cause of SQL injection:

When a statement that interacts with the database is written, the user's input is concatenated (spliced) directly into the SQL string without any filtering of its content. The user can therefore change the structure of the whole statement and produce a different database operation, which is handed to the database engine and executed as-is.

How SQL injection harms a website

The attacker can operate on the database directly or indirectly. Injection has consistently appeared in the OWASP Top 10, and its harm is self-evident: it can directly yield data and privileges. Be careful with dangerous actions, though, and never cross the line.

How to find SQL injection vulnerabilities in a website:

Black-box penetration testing

For every parameter value the website accepts, ask whether it interacts with the database: login pages, HTTP request headers (User-Agent, Client-IP and the like), order processing, search and query functions, and so on.

White-box security testing

Read through the code looking for database-related statements, or start from specific function points and search for the SQL behind them in a targeted way. Combining black-box and white-box checking is far more efficient on a large code base. The main things to check are whether incoming parameters are spliced directly into the SQL, whether they pass through a complete filtering function, and whether a different way of writing SQL has been adopted, for example prepared statements via PDO in PHP. Even prepared statements are not completely safe: they protect only the bound values, not table names, column names or other SQL fragments that are still concatenated into the query.

What can be done once an SQL injection vulnerability is found

Query the database contents, obtain the site's data, obtain the admin login account and password to log into the admin back end, modify content for phishing, and other indirect uses (when the database privileges are low); or, when privileges are sufficient, use the database to escalate privileges directly, write a one-line webshell, execute system commands, and so on.

How is this vulnerability exploited?

SQL injection on the Internet is not like RCE: it is easy to guess where a website interacts with the database, so a great deal of SQL injection is found by black-box testing alone. On a better-protected site, however, the layers of input handling and filtering make black-box testing much harder. The advantage of white-box testing is that you can see exactly what is filtered, how the SQL is written and whether input is spliced into it before it reaches the database, so the work is targeted, although there is much more code to read and you have to trace calls up and down the stack. One more point: sqlmap is an excellent tool, known for its high degree of automation, and it saves a lot of time during a penetration test; most people know and use it. But a tool is still only a tool. We need to understand the principle and find the injection points ourselves.

How to fix the discovered vulnerabilities

There are many common approaches. The simple one is to drop in a ready-made filter function, such as the 360safe function or the filter function used by DedeCMS. They are easy to use, but that does not make them completely safe: once your input reaches the code in a form the function does not recognize, the filter is simply bypassed. So the most important thing is discipline when writing SQL statements, such as using prepared statements, together with the built-in filter functions. A note here: in most cases filtering single quotes alone really does resist most SQL injection, unless the value is a number spliced in without surrounding quotes, in which case filtering quotes naturally does nothing. Parameterizing the incoming values is also a preventive measure, but nothing is absolute; I will not cite examples here, the experts understand and beginners do not need them yet. Also, do not think that buying a WAF lets you sit back and relax: a WAF cannot fix the vulnerability, and in front of an expert it has little blocking ability. WAFs will be covered later. This write-up is not very polished; please correct me if there are errors.
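The root cause described earlier (user input spliced into the SQL string) and the fixes discussed in this section (escaping single quotes, its failure in a numeric context, and parameterized queries) are demonstrated together in the following added example. It is not code from the original post: it uses Python's built-in sqlite3 module with a constructed in-memory schema (a products table and an admins table with a made-up admin row) and constructed attacker payloads, all hypothetical.

```python
import sqlite3

# Constructed sample schema: a product table the site queries and an
# admin table the attacker wants. Not from the original post.
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO products VALUES (1, 'apple', 1.5), (2, 'pear', 2.0);
INSERT INTO admins VALUES (1, 'admin', 'hunter2');
"""

# Constructed attacker inputs.
# String context: close the quote, UNION in the admin table, comment out the rest.
NAME_PAYLOAD = "x' UNION SELECT username, password FROM admins--"
# Numeric context: there is no quote to close, so the payload needs no quote at all.
ID_PAYLOAD = "1 UNION SELECT username, password FROM admins"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def find_by_name_spliced(conn, name):
    """Vulnerable: user input is spliced straight into the SQL text."""
    sql = "SELECT name, price FROM products WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def escape_quotes(value):
    """The 'filter single quotes' approach: double every single quote."""
    return value.replace("'", "''")


def find_by_name_escaped(conn, name):
    """Quote escaping works here because the value sits inside quotes."""
    sql = "SELECT name, price FROM products WHERE name = '%s'" % escape_quotes(name)
    return conn.execute(sql).fetchall()


def find_by_id_escaped(conn, raw_id):
    """Still vulnerable: the value is spliced without surrounding quotes,
    so there is nothing for quote escaping to protect."""
    sql = "SELECT name, price FROM products WHERE id = %s" % escape_quotes(raw_id)
    return conn.execute(sql).fetchall()


def find_by_id_param(conn, raw_id):
    """Fix: a parameterized (prepared) query. The SQL text is fixed and the
    value is bound separately, so it can never become SQL syntax."""
    sql = "SELECT name, price FROM products WHERE id = ?"
    return conn.execute(sql, (raw_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("spliced, normal input: ", find_by_name_spliced(db, "apple"))
    print("spliced, payload:      ", find_by_name_spliced(db, NAME_PAYLOAD))
    print("escaped, payload:      ", find_by_name_escaped(db, NAME_PAYLOAD))
    print("numeric, payload:      ", find_by_id_escaped(db, ID_PAYLOAD))
    print("param, payload:        ", find_by_id_param(db, ID_PAYLOAD))
    print("param, normal input:   ", find_by_id_param(db, "1"))
```

Run it directly to see the admin credentials come back through both the spliced string query and the "filtered" numeric query, while the parameterized query returns nothing for the payload and still works for a normal id. The same split applies in PHP: PDO::prepare with bound parameters is the equivalent of the last function, and a quote-filtering function is the equivalent of escape_quotes.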

Source: www.cnblogs.com/xiaqingfeng/p/12740035.html