Shulou(Shulou.com)05/31 Report--

This article mainly introduces "what is local SQL injection". In daily operation, I believe many people have doubts about what is local SQL injection. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful for you to answer the doubts about "what is local SQL injection"! Next, please follow the editor to study!

What is local injection? To put it simply, you cannot inject SQL on the server, because the WEB program on the server is very secure, the filtering of requests such as request ("id") is very strict, or the input format is limited to numbers, and so on, you have no choice but to abandon the injection.

But in some cases, you can inject into the local IIS to achieve the purpose of injecting the server, avoiding the submission and filtering of the server's request parameters. Give an example to illustrate, now you hit by mistake, take advantage of the burst library or other vulnerabilities to get the server's conn.asp file, then congratulations, the intrusion is not far from success.

Generally speaking, the conn.asp file code is as follows:

What is recorded here is some information about the database of the server, and you will generally get the connection password, indicating that it is a MSSQL system, which is very easy to do. If the server has URL to inject SQL statements, restore XP_CMDshell, and we can execute a lot of commands, and the DOS command is whatever you want. But unfortunately, we can not inject, only such a conn.asp file can be used.

So, we deceive the server locally, but you need to know what web program that server uses, otherwise it will be difficult for you to write code, let's write a sqltest.asp file, do not do any filtering in it, put this file and conn.asp under wwwroot in your IIS, so you can access it through Localhost.

The sqltest.asp code is as follows:

I made up that DVBBSmdb, and you have to change it to the name of the database of this web program. See, the submission parameters of id are not filtered, and no replace or other functions are used. Now we enter and inject URL: http://localhost/sqltest.asp?id=1 in ah D. Then using ah D to execute commands on the local server or running the username and password is tantamount to injecting the server you want to invade, bypassing its anti-injection measures.

At this point, the study on "what is local SQL injection" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.