0x01 SQL injection principle
It exploits a flaw in how the query is built: the SQL fragment crafted by the attacker is delivered to the server as part of the statement, then parsed and executed there.
0x02 Common SQL injection: the universal password
How it works: when a user submits a username and password for authentication, the site has to query the database. Querying the database means executing an SQL statement, but if the query does not filter certain special characters, such as the single quote ('), user input can change the statement's meaning.
For example:
1. When a user logs in, the database query (SQL statement) executed in the background is:
2. Since the site does not filter single quotes in its database query, when the username [admin] and the universal password [1'or'1] are entered, the SQL statement actually executed becomes:
3. SQL logical operators have precedence: [=] binds tighter than [and], and [and] binds tighter than [or], and this ordering applies transitively. So when the background parses this SQL statement, the condition is split into two parts:
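The two login implementations below are an added illustration, not code from the original post: a string-concatenated query of the kind steps 1 to 3 describe (the exact query text is assumed here), beside the parameterized form that a defender should use instead. It runs against a constructed in-memory SQLite table.

```python
import sqlite3


def make_db():
    """Constructed sample table for the demo (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!')")
    conn.commit()
    return conn


def build_query(username, password):
    """Assumed login query built by string concatenation.

    A single quote in the input is not filtered, so it closes the string
    literal early and the rest of the input is parsed as SQL.
    """
    return ("SELECT COUNT(*) FROM users WHERE username='" + username
            + "' AND password='" + password + "'")


def login_vulnerable(conn, username, password):
    """Vulnerable form: with password 1'or'1 the WHERE clause is parsed as
    (username='admin' AND password='1') OR '1', so it is always true."""
    return conn.execute(build_query(username, password)).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Hardened form: placeholders pass the input as data, never as SQL,
    so quotes and keywords like or/and in the input have no effect."""
    sql = "SELECT COUNT(*) FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    print(build_query("admin", "1'or'1"))
    print("vulnerable:", login_vulnerable(db, "admin", "1'or'1"))      # True
    print("parameterized:", login_parameterized(db, "admin", "1'or'1"))  # False
```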
Note: when using a universal password, the background may filter sensitive words such as or and and; in that case you can try bypasses such as changing case or double-writing the keyword. I remember the first question of the PTE exam tested the universal password: lowercase or was blocked, and Or could be used to bypass it.
This post quotes parts of a senior's blog.