Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to carry out sql injection, has a certain reference value, friends in need can refer to. I hope you will learn a lot after reading this article. Next, let the editor take you to learn about it.

The so-called SQL injection is to deceive the server into executing malicious SQL commands by inserting SQL commands into the Web form to submit domain names or enter the query string requested by the page.

Specifically, it is the use of existing applications, the ability to inject (malicious) SQL commands into the background database engine execution, it can be input in the Web form (malicious) SQL statements to get a security vulnerability on the site of the database, rather than in accordance with the intention of the designer to execute SQL statements. For example, many previous film and television websites leaked VIP member passwords mostly through WEB forms to submit query characters, which are particularly vulnerable to SQL injection attacks.

SQL injection technology

Force an error

The identification of database type, version and other information is the motivation of this type of attack. Its purpose is to collect information about the type and structure of the database to prepare for other types of attacks, which can be described as a preparatory step for attacks. Exploit the default error information returned by the application server to obtain vulnerability information.

Adopt non-mainstream channel technology

Except for HTTP response, data can be obtained through channels. However, channels mostly rely on the functions supported by databases, so this technology is not entirely applicable to all database platforms. The main non-mainstream channels injected by SQL are E-mail, DNS and database connections. the basic idea is to package the SQL query first, and then feedback the information to the attacker with the help of non-mainstream channels.

Use special characters

Different SQL databases have many different special characters and variables. Some useful information can be obtained through some insecure or poorly filtered applications, so as to provide direction for further attacks.

Use conditional statements

This method can be divided into three forms: content-based, time-based and error-based. Generally, conditional statements are added after regular visits, and the targets to be attacked are determined according to information feedback.

Using stored procedures

Through some standard stored procedures, while the database manufacturer extends the function of the database, the system can also interact with it. Some stored procedures can be defined by the user. After collecting information about the type and structure of the database through other types of attacks, commands that execute stored procedures can be constructed. This type of attack can often achieve the purpose of remote command execution, privilege extension and denial of service.

Avoid input filtering technology

Although some filtering techniques can be used to prevent SQL injection from common coding, there are many ways to avoid filtering in this case, including the use of SQL comments and dynamic queries, truncation, URL coding and empty bytes, the use of case variants and expressions after nesting and stripping, and so on. With these means, the input-conceived query can avoid input filtering, so that the attacker can get the desired query results.

Inference technology

Ability to identify database patterns, extract data, and identify injectable parameters. Through the feedback of the website to the user input and the inference of injectable parameters and database pattern, the query constructed by this kind of attack can only get true and false answers. The inference-based injection methods are mainly divided into two types: time measurement injection and blind injection. The former is to add statements such as "waitfor 100" to the injection statement to judge whether the injection is successful or not and the derivation of the range of data values according to the time when the query results appear, while the latter mainly uses two classical injection methods: "and lumped" and "and lumped 2". These methods are to ask questions that are indirectly related and can be answered, and then infer the desired information from the response information, and then attack.

Thank you for reading this article carefully. I hope it will be helpful for everyone to share how to inject sql. At the same time, I also hope you will support us, pay attention to the industry information channel, and find out if you have any problems. Detailed solutions are waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.