How to tell integer-type injection from character-type injection

Difference between character-type and integer-type injection

SQL injection vulnerabilities are usually divided into two types:
numeric (integer)
character
In fact, the type follows from the data type of the database column itself. When we create a table we find that every column carries a data type restriction; different databases have different data types, but however finely they are subdivided, the data in a query is always distinguished into numbers and characters, and that is what determines which type of injection point arises.

Numeric judgment

When the input parameter x is an integer, the SQL statement in abc.php is typically of the form:

select * from <表名> where id = x

This type can be tested with the classic and 1=1 / and 1=2 pair:

In the URL bar, enter http://xxx/abc.php?id=x and 1=1

The page still works normally; continue to the next step.

Then enter http://xxx/abc.php?id=x and 1=2

The page now errors, so this SQL injection is numeric-type injection.

The reason is as follows:

When and 1=1 is input, the back-end SQL statement is:

select * from <表名> where id = x and 1=1

There is no syntax error and the logical condition is true, so it returns normally.

When and 1=2 is input, the back-end SQL statement is:

select * from <表名> where id = x and 1=2

There is no syntax error but the logical condition is false, so it returns an error.

Now suppose instead that this were character-type injection:

If it were character-type injection, then after entering the statements above the back-end SQL would look like this:

select * from <表名> where id = 'x and 1=1'

select * from <表名> where id = 'x and 1=2'

The whole condition is swallowed into a string, and no logical and judgment takes place, so the results above would not appear; hence the assumption does not hold.

Character judgment

When the input parameter x is a character string, the SQL statement in abc.php is typically of the form:

select * from <表名> where id = 'x'

This type can likewise be tested with and '1'='1 and and '1'='2:

In the URL bar, enter http://xxx/abc.php?id=x' and '1'='1

The page works normally; continue to the next step.

Then enter http://xxx/abc.php?id=x' and '1'='2

The page now errors, so this SQL injection is character-type injection.

The reason is as follows:

When and '1'='1 is input, the back-end SQL statement is:

select * from <表名> where id = 'x' and '1'='1'

Syntactically correct and the logical condition is true, so it returns normally.

When and '1'='2 is input, the back-end SQL statement is:

select * from <表名> where id = 'x' and '1'='2'

Syntactically correct but the logical condition is false, so it returns an error.
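The following is an added example, not code from the original post: it builds the two vulnerable query shapes from the numeric and character sections above (with a constructed SQLite table standing in for <表名>), runs both probe pairs against each, and shows why the unquoted pair is inert in a quoted context (the point of the "assumption does not hold" paragraph) and why a parameterized query gives no differential at all. Table and column names are assumptions.

```python
import sqlite3

# Constructed in-memory table standing in for the page's <表名>; id is an INTEGER column.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
conn.executemany("INSERT INTO items VALUES (?, ?)", [(1, "alpha"), (2, "beta")])

def numeric_context(x):
    """Vulnerable: x is concatenated unquoted, i.e. select * from <表名> where id = x."""
    return conn.execute(f"SELECT name FROM items WHERE id = {x}").fetchall()

def character_context(x):
    """Vulnerable: x is concatenated inside quotes, i.e. ... where id = 'x'."""
    return conn.execute(f"SELECT name FROM items WHERE id = '{x}'").fetchall()

def parameterized(x):
    """Hardened: x is bound as a value, so it can never change the query's logic."""
    return conn.execute("SELECT name FROM items WHERE id = ?", (x,)).fetchall()

def outcome(query_fn, x):
    """Classify what the page calls 'page normal' / 'page error' for one input."""
    try:
        rows = query_fn(x)
    except sqlite3.OperationalError:
        return "syntax error"
    return "rows" if rows else "empty"

# The two probe pairs from the page, applied to each query-building style.
NUMERIC_PROBES = ("1 and 1=1", "1 and 1=2")
CHARACTER_PROBES = ("1' and '1'='1", "1' and '1'='2")

def probe_matrix():
    return {
        # numeric context: the unquoted probe is evaluated as logic -> true/false differ
        "numeric/unquoted": [outcome(numeric_context, p) for p in NUMERIC_PROBES],
        # numeric context: the quoted probe leaves an unbalanced quote -> statement breaks
        "numeric/quoted": [outcome(numeric_context, p) for p in CHARACTER_PROBES],
        # character context: the unquoted probe is swallowed into a string -> no differential
        "character/unquoted": [outcome(character_context, p) for p in NUMERIC_PROBES],
        # character context: the quoted probe closes the string -> true/false differ
        "character/quoted": [outcome(character_context, p) for p in CHARACTER_PROBES],
        # parameterized: every probe is just a value that matches no id -> no differential
        "parameterized": [outcome(parameterized, p) for p in NUMERIC_PROBES + CHARACTER_PROBES],
    }

if __name__ == "__main__":
    for style, results in probe_matrix().items():
        print(f"{style:20s} {results}")
```

A web application that reflects these differences in its response is exactly what the probes above detect; the parameterized row shows the response staying identical for every input.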


Source: www.cnblogs.com/zztac/p/11355622.html