Shulou(Shulou.com)06/01 Report--

1. SQL injection

SQL is a database, such as sql server,mysql,db2,postgresql,oracle, etc. are more common databases, you can construct database statements, that is, sql statements, add and delete the query operation.

SQL injection is the process of tricking servers into executing malicious SQL commands by inserting SQL commands into Web form submissions or query strings for entering domain names or page requests. It is the ability to exploit existing applications to inject malicious SQL commands into the background database engine for execution. It can get a database on a website with security vulnerabilities by entering malicious SQL statements in Web forms, rather than executing SQL statements according to the designer's intention.

2. SQL injection causes

Dynamic website is through the script language to call the database to complete the operation of the entire website, when operating on the website, as long as it is related to the database operation will be brought into the database query, if there is no limit, you can enter any query statement into the database query.

SQL injection is caused by lax user input restrictions, that is, lax filtering.

3. SQL injection classification

From the parameter type can be divided into: ×× injection and character type injection

The injection types can be divided into the following categories:

(1)injection based on errors with display bits

(2)Injection of database error messages based on errors

(3)Blind bets based on errors without database error information

(4)Blinding of base time

4. SQL injection classic flow

(1)Determine the scripting language used by the Web system, discover injection points, and determine whether SQL injection vulnerabilities exist

(2)Determine the database type of the Web system

(3)Determine the structure of tables and corresponding fields in the database

(4)Construct injection statements to obtain data content in the table

(5)Find the administrator background of the website and log in with the administrator account and password obtained.

(6)Combined with other vulnerabilities, find a way to upload a Webshell

(7)Further upgrade to obtain system permissions on the server

5. Determine SQL injection method

(1)The most common way: enter and 1=1 page directly after url to return normal,and 1=2 page to return error, or directly add single quotation marks to report error, then there may be sql injection;

(2)You can also use or or xor to judge;

(3)If there is no error echo, we can use and sleep(1) to judge;

(4)Mathematical calculations can also be used, for example id=2 and id=3-1 return the same test interface, then there may be sql injection.

In general, if the input statement affects the query results of the database, then sql injection is most likely present.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.