Shulou(Shulou.com)06/01 Report--

What is SQL injection?

SQL injection (SQLi) is generally thought of as an injection attack in which an attacker can execute malicious SQL statements. It controls the database server of the Web application. The helplessness of SQL injection can affect any site or Web application that uses a SQL-based database. Weakness is one of the most mature, common, and dangerous vulnerabilities in Web applications.

By using SQL injection helplessness, an attacker can use it to evade the validation and approval components of a Web application and restore the substance of the entire database, given the right conditions. SQL injection can also be used to include, change, and delete records in the database, thus affecting the integrity of the information.

To this extent, SQL injection provides attackers with unauthorized access to fine-grained information, including customer information, identifiable data (PII), exchange mysteries, protected innovations, and other sensitive data.

SQL injection function

Keeping in mind the ultimate goal of running malicious SQL queries against the database server, attackers should first discover the contribution contained in the SQL problem in the Web application.

When a SQL injection attack occurs, the helpless site needs to include the client contribution directly in the SQL interpretation. The attacker can then embed the payload, which will be incorporated as a component of the SQL query and continue to run against the database server.

The included server-side pseudo code is used to authenticate the client side of the Web application.

# define POST factor

U / B 1 m ë =-[R / Q Ü T]. P O S T ['u s e r n a m e'] p a small watt d =-[R'Q Ü''small tonne. P O S T ['p a s s w o r d']

# there is nothing SQL can do about SQLi

Sql = "SELECT id FROM clients WHERE username ='" + uname + "'AND password ='" + passwd + "'"

# execute SQL instructions

Database .execute (sql)

The above is the basic situation of using the user name to confirm the client. In addition, for databases with a table named clients, as well as secret words in the username and keyword sections.

The basic case of SQL injection payload may be as simple as setting the key field to key'OR 1 = 1.

This will cause the accompanying SQL problems to continue to run against the database server.

SELECT id FROM clients WHERE username = 'username'AND password =' password'OR 1 = 1'

Attackers can also comment out the rest of the SQL interpretation to further control the execution of SQL queries.

-MySQL,MSSQL,Oracle,PostgreSQL,SQLite

'or' 1' ='1' -'or'1' ='1' / *

-MySQL

'or' 1' ='1' #

-access (using invalid characters)

'or' 1'='1'% 00' or'1'='1'% 16

Once the problem is executed, the resulting I-access (using invalid characters) is returned to the application to be processed, resulting in confirmation avoidance. If verification avoidance is conceivable, the application will undoubtedly record the attacker from the result of the problem to the master record-the master record in the database is most of the regulatory client.

The worst thing an attacker can do is what can SQL do?

SQL is a programming dialect used to monitor information placed in RDBMS, so that SQL can be used to obtain, change, and delete information. In addition, under certain circumstances, RDBMS can also charge for the working framework from the SQL announcement.

With the above in mind, it doesn't require an attacker to see how profitable an effective SQL injection attack is, given the incidental circumstances.

Attackers can use SQL injection to evade acknowledgements or even imitate specific clients.

One of SQL's essential capacities is to choose information in light of an inquiry and yield the consequence of that question. A SQL Injection weakness could permit the entire exposure of information dwelling on a database server.

Since web applications use SQL to modify information inside a database, an attacker could use SQL Injection to adjust information put away in a database. Modifying information influences information honesty and could cause denial issues. For example, issues, for example, voiding exchanges, adjusting balances and different records.

SQL is used to erase records in the database. Attackers can use SQL injection vulnerabilities to purge information from the database. Whether we use the appropriate hardening method or not, the erasure of information can affect the accessibility of the application until the database is re-established.

Some database server designs (purposeful or otherwise) allow free execution of working framework orders on the database server. Under the right conditions, an attacker can use SQL injection as the base vector to attack the inward system behind the firewall.

Analysis of SQL injection attack

SQL injection requires only two conditions-a social database that leverages SQL, and client-side controllable information that can be used directly as part of a SQL problem.

In the following cases, it will accept that it is possible for an attacker to leak information from the database by misusing the undefensible display of SQL injection in the Web application.

Providing SQL clarity with inappropriate contributions, such as giving strings when SQL queries expect numbers, or deliberately embedding punctuation errors in SQL statements can cause the database server to throw an error.

In progress, mistakes are very helpful to engineers, but if authorized on a live website, they can find large amounts of data to attackers. SQL errors have a graphical trend, that is, attackers can obtain data about the database structure. Sometimes even the entire database is specified by separating the data from the error message-this system is called an error based on SQL injection. To this extent, database errors should fail on the site site, or log in to records with limited access.

SQL injection example

One. Select a statement in ASP.NET

Bay insert a declaration in ASP.NET

C . Insert a declaration in PHP SQL

$stmt = $dbh-> prepare ("INSERT INTO Customers (customer name, address, city) VALUES (: nam,:add,:cit)"); $stmt-> bindParam (': nam',$ txtNam); $stmt-> bindParam (': add',$ txtAdd); $stmt-> bindParam (': cit',$ txtCit); $stmt-> execute (); conclusion

In this SQL injection tutorial, we learned about injection in SQL. In addition, we discussed its examples, code, work and anatomy. In addition, we saw what SQL PHP and SQL attackers can do. However, if you have any questions or questions, please ask in the comments section.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.