POST injection and Head injection
I. POST injection introduction
The essence of an injection attack is that data entered by the user is executed as code.
There are two key conditions:
First, the user is able to control the input.
Second, the code the original program is going to execute is concatenated with the data entered by the user.
POST injection is one form of injection. As most readers know, parameters are passed in two ways, POST and GET.
POST injection is injection carried out through parameters passed by POST; in nature it is no different from GET injection.
High-risk POST injection points:
Login boxes
Query boxes
Any other box that interacts with the database
The most classic POST injection is the universal password:
'or 1=1#
How sqlmap tests POST-type SQL injection
--forms: sqlmap reads the parameter names of the POST form on the page and then tests those parameters for SQL injection
-r 1.txt: sqlmap reads the request packet saved in the file and tests it for SQL injection; a * placed in the packet tells sqlmap which point to test
II. Head injection introduction
PHP global variables - superglobals
Many PHP predefined variables are "superglobal", which means they are available in all scopes of a script.
These superglobal variables are:
$_REQUEST (gets GET / POST / COOKIE values); in newer versions it can no longer get COOKIE
$_POST (gets parameters passed by POST)
$_GET (gets parameters passed by GET)
$_COOKIE (gets the value of COOKIE)
$_SERVER (an array containing information such as headers, paths, and script locations)
$_SERVER is powerful.
$_SERVER['HTTP_HOST']: the content of the Host request header, which gives the current domain.
$_SERVER["HTTP_USER_AGENT"]: gets user information, including the user's browser, operating system and other information.
$_SERVER["REMOTE_ADDR"]: the IP address of the user browsing the page.
The updatexml() function updates an XML document
Syntax: updatexml(target XML content, XML document path, updated content)
updatexml(1,concat(0x7e,(SELECT database()),0x7e),1)
Nominally this updates an XML document, but we write a subquery in the position of the XML document path and add special characters to it; because the result does not comply with the path rules, an error is reported.
But by the time the error is reported, the subquery code has in fact been executed!
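Added example (not code from the original article): the two key conditions above, applied to request headers, with the concatenated query beside a prepared statement. The function names log_visit_unsafe and log_visit_safe, the visits table, the in-memory SQLite database standing in for the application's database, and the sample arrays shaped like $_SERVER are all assumptions made for illustration.

```php
<?php
// Constructed stand-in for the application's database (assumption: PDO SQLite is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (ip TEXT, agent TEXT, via TEXT)');

// Vulnerable pattern: both key conditions hold. The client controls the
// User-Agent header, and its value is concatenated into the SQL text.
function log_visit_unsafe(PDO $db, array $server): void {
    $sql = "INSERT INTO visits (ip, agent, via) VALUES ('"
         . $server['REMOTE_ADDR'] . "', '" . $server['HTTP_USER_AGENT'] . "', 'unsafe')";
    $db->exec($sql);
}

// Hardened pattern: the SQL text is fixed and the header values are bound
// parameters, so they can only ever be stored as data.
function log_visit_safe(PDO $db, array $server): void {
    $stmt = $db->prepare("INSERT INTO visits (ip, agent, via) VALUES (:ip, :agent, 'safe')");
    $stmt->execute([':ip' => $server['REMOTE_ADDR'], ':agent' => $server['HTTP_USER_AGENT']]);
}

// Constructed sample requests. The first header only contains an apostrophe;
// the second is the updatexml() string from the article, with no quote in it.
$samples = [
    ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => "Mozilla/5.0 (O'Neil build)"],
    ['REMOTE_ADDR' => '192.0.2.11',
     'HTTP_USER_AGENT' => 'updatexml(1,concat(0x7e,(SELECT database()),0x7e),1)'],
];

foreach ($samples as $server) {
    try {
        // Works only when the header happens to contain no quote: whether the
        // query stays intact depends on the client's input, not on the code.
        log_visit_unsafe($db, $server);
        echo "unsafe: stored\n";
    } catch (PDOException $e) {
        // The apostrophe closed the string literal early, so the rest of the
        // header was handed to the SQL parser as code.
        echo "unsafe: header text reached the SQL parser: ", $e->getMessage(), "\n";
    }
    log_visit_safe($db, $server); // stores every header verbatim
}

foreach ($db->query('SELECT ip, agent, via FROM visits') as $row) {
    echo $row['via'], ' ', $row['ip'], ' ', $row['agent'], "\n";
}
```

A header containing a single apostrophe is a useful regression test: if logging it raises a SQL error, the header is being concatenated into the query.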