Shulou(Shulou.com)05/31 Report--

Editor to share with you what the principle of SQL injection attack is, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to understand it!

The principle of sql injection attack

In the process of submitting the query request, the malicious user inserts the SQL statement into the request content. At the same time, the program itself has too much trust in the user input and does not filter the SQL statement inserted by the malicious user, which causes the SQL statement to be executed directly by the server.

Classification of SQL injection attacks

(1) different classifications of injection points

Injection string type injection of numeric type

(2) different categories of submission methods

GET injection POST injection COOKIE injection HTTP injection

(3) different categories of ways to obtain information.

Boolean-based blind injection based on time-based blind injection based on error report

SQL injection attack case:

1. Check the injection case of the article:

The url parameter for viewing an article is:? id=1

Then you can list all the articles in the entire data table by injecting the command:? id=1 or 1. 1.

If the view user is accessed through user_id, such as:? Uid=1

Then you can display all the records of the entire user table by injecting the command:? id=1 or 1. 1.

The SQL command is as follows:

The SQL command through? id=1 is: select * from article where id=1. This sentence finds a structure.

The SQL command through? id=1 and 1: 1 is: select * from article where id=1 or 1: 1, which queries the records of the entire table.

2. Injection cases of user login:

The login form has a user_name field, and the query statement is: select * from users where nickname=' {user_name}'

You can fill in the user_name text box with the following: ('or 1 requests 1), so that you can construct the injected SQL command: select * from users where user_name='' or 1 destroy 1 ", which makes it easy to enter the system.

3. SQL injection guess table:

Enter ('or 1 = (select count (0) from t_porg_document) or 1 user name 1) in the user name field of the login page to construct the injected SQL command: select * from users where user_name='' or 1 = (select count (0) from recharge) or 1 user name 1'

This allows you to guess whether the recharge table exists. If it exists, the statement executes normally, otherwise an error will be reported.

After guessing the table name, you can add, delete, modify and query the data table, such as:

Fill in: ('; delete from users) in the user name field of the login page to construct a dangerous SQL command: select * from users where user_name=''; delete from users

By adding a semicolon, you can construct an arbitrary add, delete, modify and check sql statement, and the entire database will be controlled by the attacker at will.

The above is all the content of the article "what is the principle of SQL injection attack?" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.