Shulou(Shulou.com)06/01 Report--

This article mainly introduces the example analysis of SQL injection, which is a common attack method. It is very detailed and has certain reference value. Friends who are interested must finish it!

1. Overview 1. Attack principle

SQL injection is one of the more common network attacks, mainly aimed at WEB applications, making use of the programmer's negligence in writing code. For the application of connecting to the database, the server can execute malicious SQL code by reorganizing SQL statements, so as to obtain unauthorized permissions and materials. JD.com leaked 12G user account information on December 10, 16. SQL injection is in the first place in OWASP2013 and 2017.

(recommended course: SQL tutorial)

two。 How to determine whether there is a SQL injection vulnerability (1) single quotation mark judgment

Request parameter for get request with integer parameters:? id=1',. If the page reports a SQL running error, there may be SQL injection.

(2) Digital judgment

Defective code statements:

Select * from table where id=3

If you submit the parameter? id= x and 1, construct the following SQL:

Select * from table where id=1 and 1: 2

If the page reports a SQL running error, there may be SQL injection.

(3) character type judgment

Defective code statements:

Select * from table where id='x'

If the parameter id=x' and'1 is submitted, the following SQL is constructed:

Select * from table where id='x' and'1'

If the page reports a SQL running error, there may be SQL injection.

two。 Response plan

Do not trust user input

Input string filtering

Character escape

Avoid executing SQL by concatenating strings and combining them into SQL statements

Do not use administrator privileges to connect to the database, database access settings are minimized

Secret information is encrypted or hashed.

Catch the error when the program is abnormal to prevent the native error from being returned to the user

Perceived SQL injection scanning tool 1. SQLIer (1) open source address

Github.com/BCable/sqlier

(2) obtain information

. / sqlier.sh-s 10 URL

(3) parameters

-c [host] clears site information.

-o [file] outputs the cracked password.

-s [seconds] interval for each request.

-u [usernames] brute force to guess the user name, separated by a comma.

-w [options] wget parameter.

(4) guess the name field of the table

-- table-names [table_names] guesses table names, separated by commas.

-- user-fields [user_fields] guesses the user name field separated by commas.

-- pass-fields [pass_fields] guesses password fields separated by commas.

2. SQLmap

A tool for detecting and exploiting SQL injection vulnerabilities.

Installation:

Pip install sqlmap

SQL injection point

The place where the SQL statement can be submitted is the SQL injection point. To enter SQL injection, first find the SQL injection point.

Python sqlmap.py-u "http://test/test.aspx?id=123"

3. JSky

Shenzhen Yuzao Nuosai Company produced a WEB vulnerability scanning tool, charging software.

4. Pangolin (pangolin)

It is also a product of Yuzao Nuosai, which specializes in SQL injection scanning.

5. Iiscan Yi Si

Online free website vulnerability detection platform, can detect SQL injection vulnerabilities, cross-site vulnerabilities and so on.

6. MDCSOFT WEB Application Firewall

Set WEB protection, web protection, load balancing, application delivery of the integrated WEB security protection equipment.

The above is all the contents of the article "sample Analysis of SQL injection, a commonly used means of attack". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.