What about hackers: what is SQL injection, and how do you prevent it in MySQL?

About SQL injection

   The Internet is a dangerous place, and keeping information and data secure matters. SQL injection is one of the most common intrusion methods: it has a low technical threshold, low cost and a high payoff, so it is favored by attackers of every skill level.

   Generally speaking, SQL injection means taking any opportunity to smuggle malicious SQL into program parameters so that it is eventually executed by the database server, with harmful consequences.

   For example, suppose we fetch user information from the endpoint URL?userid=123 based on the userid parameter, and the program handles it like this:

   $sql = "SELECT * FROM user WHERE userid = $_GET[userid]";   // vulnerable: the raw GET parameter is interpolated straight into the SQL string

   The code above looks pretty crude, right? In particular, inside double quotes you can interpolate an array element directly, so it is no exaggeration to say that PHP is the best language in the world, haha (I actually wrote PHP myself for a few years early on).

Now, if the parameter we pass in is changed to URL?userid=123 or 1=1, the SQL condition is always true and every row of the table is read out.

Or pass a parameter like URL?userid=123 or if(now()=sysdate(),sleep(5),1): now not only is all the data read out, the SQL also waits 5 seconds after executing before returning, so the attacker can tell whether the injection probe succeeded.

   In the example above, simple type checking and normalization of the user-supplied parameter is enough to avoid the injection. For example, change it to the following:

$userid = intval(trim($_GET['userid']));   // force the parameter to a plain integer

$sql = "SELECT * FROM user WHERE userid = " . mysql_real_escape_string($userid);   // intval() already guarantees an integer; note that mysql_real_escape_string() belongs to the old mysql extension, which was removed in PHP 7

As you can see, basic SQL injection is not hard to prevent, as long as every layer does its share of the work. Even simple blind SQL injection (the crude trial-and-error kind) can now be run with helper tools such as sqlmap; nobody needs to do it by hand.

How to prevent it

As mentioned above, sqlmap can be used as a blind SQL injection tool, but it can just as well be turned to our advantage: scan a new project internally before it goes live to find potential vulnerabilities early and fix them in time. Other well-known scanners that can detect SQL injection vulnerabilities include SQLIer, SQLID, SQL Power Injector and SQLNinja.

   We can also scan the list of currently executing SQL statements frequently and use certain keywords to judge whether an injection has occurred or is being attempted. Common keywords are:

SLEEP()  — blind SQL injection generally comes with the SLEEP() function, usually sleeping for at least 5 seconds

MID()

CHAR()

WORDS()

SYSDATE()

SUBSTRING()

DATABASES()

SCHEMA()

USER()

VERSION()

CURRENT_USER()

LOAD_FILE()

OUTFILE/DUMPFILE

INFORMATION_SCHEMA

TABLE_NAME

fwrite()/fopen()/file_get_contents() — these are PHP file manipulation functions

We can check the currently active SQL statements at a high frequency. As soon as one of the keywords above appears, record it immediately and raise an alarm so that an administrator confirms and handles it manually in time, or even kill those queries outright first (the pt-kill tool can do this, or you can write your own); better safe than sorry, and it leaves attackers less room.
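The keyword scan described above, as an added example in Python (not code from the original post), run over constructed SHOW FULL PROCESSLIST rows; the regexes, the (Id, User, Info) tuple shape and the 5-second SLEEP threshold are my assumptions based on the list above, and the PHP file functions are left out because they never appear in SQL:

```python
import re

# Watch list taken from the post; constructed regexes, not a published signature set.
SUSPICIOUS_FUNCTIONS = [
    "SLEEP", "MID", "CHAR", "SYSDATE", "SUBSTRING", "SCHEMA", "USER",
    "VERSION", "CURRENT_USER", "LOAD_FILE",
]
SUSPICIOUS_TOKENS = ["OUTFILE", "DUMPFILE", "INFORMATION_SCHEMA", "TABLE_NAME"]
SLEEP_THRESHOLD_SECONDS = 5  # the post says blind injections usually sleep >= 5 s

FUNC_RE = re.compile(r"\b(" + "|".join(SUSPICIOUS_FUNCTIONS) + r")\s*\(", re.IGNORECASE)
TOKEN_RE = re.compile(r"\b(" + "|".join(SUSPICIOUS_TOKENS) + r")\b", re.IGNORECASE)
SLEEP_RE = re.compile(r"\bSLEEP\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.IGNORECASE)


def inspect_query(sql):
    """Return the sorted list of watch-list hits in one SQL statement ([] if clean)."""
    hits = {m.group(1).upper() + "()" for m in FUNC_RE.finditer(sql)}
    hits |= {m.group(1).upper() for m in TOKEN_RE.finditer(sql)}
    for m in SLEEP_RE.finditer(sql):
        if float(m.group(1)) >= SLEEP_THRESHOLD_SECONDS:
            hits.add("SLEEP>=%ds" % SLEEP_THRESHOLD_SECONDS)
    return sorted(hits)


def scan_processlist(rows):
    """rows: (Id, User, Info) tuples as read from SHOW FULL PROCESSLIST.
    Returns (Id, User, hits) for every statement worth an alarm; the Id is
    what an operator (or pt-kill) would use to terminate the thread."""
    flagged = []
    for thread_id, user, info in rows:
        if not info:  # idle connection: Info is NULL
            continue
        hits = inspect_query(info)
        if hits:
            flagged.append((thread_id, user, hits))
    return flagged


# Constructed sample rows, not real process-list output.
SAMPLE_ROWS = [
    (11, "app", "SELECT * FROM user WHERE userid = 123"),
    (12, "app", "SELECT * FROM user WHERE userid = 123 or if(now()=sysdate(),sleep(5),1)"),
    (13, "app", None),
    (14, "app", "SELECT table_name FROM information_schema.tables WHERE table_schema = schema()"),
    (15, "report", "SELECT username, substring(note, 1, 20) FROM user WHERE userid = 7"),
]

if __name__ == "__main__":
    for thread_id, user, hits in scan_processlist(SAMPLE_ROWS):
        print("thread %d (%s): %s" % (thread_id, user, ", ".join(hits)))
```

Thread 15 is a legitimate report query that still trips SUBSTRING(), which is why the post has an administrator confirm each alarm before anything is killed.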

In addition, we recommend setting the safe-update option (sql_safe_updates) to 1, so that a mistaken UPDATE without any WHERE condition cannot rewrite the data of an entire table.

In addition, if you want to improve your programming ability, learn C and C++! Overtake on the curve and stay one step ahead; I may be able to help you here~

I have uploaded some C/C++ programming video tutorials on my homepage. Anyone interested, or currently learning, should go take a look! They will be helpful to you~

Shared material: source code, real project videos, project notes and a basic introductory tutorial.

Anyone switching careers into programming is welcome; learning from more material lets you grow faster than figuring it all out on your own!


Origin blog.csdn.net/weixin_45713725/article/details/115077688