Shulou(Shulou.com)05/31 Report--

This article will explain in detail the example analysis of sql injection in the database. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

First of all, everyone may ask what is sql?

Sql is a type of database that is used to store website data.

Every time we click on a website, we get the relevant content from the database of the website.

Let's comb through the schematic diagram of the visiting web page:

After watching this, we found that when we think hard enough about sending data, we can do a lot of things as long as the input is reasonable, and we can use it to get a lot of content.

Next, let's explain the use of the symbol "'" in sql.

First of all, close the end of a sentence in sql. If this sentence is closed with', then can we add a new sentence after it? Take the new sentences and you can do what you want to do.

Of course, if you want to really understand, you should learn more languages such as sql and asp.

Next, let's start the demonstration.

Next, after entering the domain name, we will find that the website requires us to enter id, so here we enter it according to the requirements of sql.

Http://localhost/sqli/Less-1/? Id=1

Here? Id=1 is the entry format of the database. If you want the corresponding data back, you can change it into a number.

Http://localhost/sqli/Less-1/? Id=2

Then change the id, we found that there are multiple account passwords, these are the contents of the corresponding database of this site. It is also the corresponding path in the database.

And then the point is, when we're in http://localhost/sqli/Less-1/? When you add 'after id=1, let's take a look at it.

We found that the site reported an error and received a feedback of the error message.

'' 1million''LIMIT 051'

This is caused by the addition of', let's take a look at this error statement, analyze it, remove the outermost''to get '1percent' LIMIT 0prime1, and we find that the database is limited and the output can only be one line.

Because we added 'closed sentence, then combined with the following content, we can add some sentences after' to get more content. Here I want to get the database user name, which is generally the default user.

Http://localhost/sqli/Less-1/?id=1'and updatexml (1quin concat (0x7e Jing user ()), 0) 23

23 means O'Neill. Is the value after # url encoding, because the sql statement will perform an url decoding when entering the data query, so this place must be the value after url encoding.

Here, we see the appearance.

~ root@localhost

That is, the user name of the database is root

Next I'm going to query the database name.

Http://localhost/sqli/Less-1/?id=1' and updatexml (1coconcat (0x7e datebase ()), 0) 23

Here because I changed the name of the database file so I did not find out, of course, if you know enough, there are many ways, the name of the datebase here can be guessed out.

This is the end of this article on "sample analysis of sql injection in the database". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.