Shulou(Shulou.com)06/01 Report--

Maybe the first one, we don't go into too much technical detail, but it's all true.

1, Google dork or Baidu dork We have a Google dork and a Baidu dork respectively.

Step 1. First, we open this link

http://g.bt.gg/

This site will forward our requests to Google for search, so we can use Google exclusively for search purposes.

Step 2. Enter the Google query statement

inurl:"news.php? id="

(Note:

1) The meaning of inurl, our keyword appears in the url position, that is, we often say hyperlink

2)The following keywords are enclosed in double quotes, meaning that they appear as a whole and must contain the entire [news.php?] id]

3)Google has a good place to do it, will it? Parses an arbitrary character. That is, except for the 'new.php' we want. id'matches the type'new.php/id'.

)

Step 3. Select a website address and we will test it.

We chose a website like this

Its link is as follows: www.xxx.com/news.php? id=33

Step 4. Perform a test to simply test whether a vulnerability exists.

How to do it: We put a single quote after the link, as shown below

You can see that there are errors here,

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

So our input affects the database here, and some of the more experienced novices here may be starting to worry. You see, my single quotation marks have been escaped. Isn't it impossible to inject them?

(Note: In the face of sql injection points, you need to distinguish, in fact, the main is nothing more than numeric and string type.

A simple distinction:

String injection: Data is enclosed in single or double quotes, with a balanced number of quotes.

Digital injection: Data is not enclosed in quotation marks.

And we're digital here.

)

2. Manually determine the existence of vulnerabilities

What makes it digital?

The URL we tested became:

www.xxx.com/news.php? id=33 and 1=1

and

www.xxx.com/news.php? id=33 and 1=2

You can see that the two pages are different. OK, now basically sure that this site has sql injection

3. Script Boy's Weapon

1) We need a tool called sqlmap to help. Please find out for yourself how to install this tool.

step is

step1. Go to python official website to download version 2.7.x of msi installation package

step2. Download sqlmap at this address (https://github.com/sqlmapproject/sqlmap/archive/master.zip)

step3. Extract sqlmap folder

step4. Use the shortcut windows+r to open a run window and type cmd. Then cd sqlmap folder.

2) Switch to sqlmap folder

3) We enter such an order

python sqlmap.py -u "http://www.xxx.com/news.php? id=33" --wizard

(Explain their options separately here.

1)-u followed by url to test

2)--wizard This is sqlmap provides a wizard option for beginners, select this will guide you step by step to inject.

）

4) Everything after injection is shown in pictures

step1. Ask if there is Post data, which is used when Post requests, enter directly without entering

Step 2. Ask about the difficulty of this injection point. There are three levels.

Step 3. Information to be obtained

step4.sqlmap automatically selects parameters for us, we just enter

Step 5. So far, we have finished our study this time. This article does not involve too much theory.

[Note:

As long as you do what the post says, you will definitely encounter the site I tested, but I hope there is no damage, if you are only satisfied with this, I have nothing to say. The next post will appear next wednesday, and the next topic will be how to google dork or baidu dork.

And don't just be a script boy, otherwise you can only say in the future,"I also made a few stations when I was young, but all with tools."

]

[Added:

In the process of reading posts, there must be people who think that I am familiar with the process, I can definitely find it, I am not sure, then I continue to find an injection point on the page returned by Google.

[Find another one]

1. Identify a website

2. Manually add single quotation marks and observe exceptions

3. Manual injection test (click here for more manual injection)

]

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.