How to perform sql injection
The so-called SQL injection is to insert a SQL command into a Web form to submit or enter a domain name or query string for a page request, and ultimately trick the server into executing malicious SQL commands.
Specifically, it is the ability to leverage existing applications to inject (malicious) SQL commands into the backend database engine for execution, which can be done through a web form Enter (malicious) SQL statements to obtain a database on a website with security vulnerabilities, rather than executing the SQL statements as intended by the designer. For example, many previous film and television websites leaked VIP member passwords, mostly by submitting query characters through WEB forms. Such forms are particularly vulnerable to SQL injection attacks.
SQL injection technology
Forced error generation
Identification of database type, version and other information is the basis of this type of attack The motivation lies. Its purpose is to collect database type, structure and other information to prepare for other types of attacks. It can be said to be a preparatory step for attacks. Obtain vulnerability information by exploiting the default error message returned by the application server.
Using non-mainstream channel technology
In addition to HTTP responses, data can be obtained through channels. However, most channels rely on the functions supported by the database to exist, so this The technology is not fully applicable to all database platforms. The non-mainstream channels for SQL injection mainly include email, DNS and database connections. The basic idea is: first package the SQL query, and then use the non-mainstream channels to feed the information back to the attacker.
Use special characters
Different SQL databases have many different special characters and variables, which can be obtained through some application systems that are insecurely configured or filtered poorly. Some useful information to provide directions for further attacks.
Use conditional statements
This method can be divided into three forms: content-based, time-based, and error-based. Generally, conditional statements are added after regular access, and the target of the attack is determined based on information feedback.
Using stored procedures
Through some standard stored procedures, while database vendors extend the functions of the database, the system can also interact with it. Some stored procedures can be defined by users. After collecting information such as the type and structure of the database through other types of attacks, commands to execute stored procedures can be constructed. This type of attack can often achieve the goals of remote command execution, privilege expansion, and denial of service.
Avoid input filtering technology
Although some filtering technologies can be used to prevent SQL injection for common encoding, there are many ways to avoid this situation. Open filtering, technical means that can generally achieve this include the use of SQL comments and dynamic queries, the use of truncation, the use of URL encoding and null bytes, the use of uppercase and lowercase variants, and expressions after nesting stripping, etc. With the help of these means, the inputted query can avoid input filtering, so that the attacker can obtain the desired query results.
Inference technology
can clarify the database schema, extract data and identify injectable parameters. This type of attack uses the feedback information input by the website to the user to infer the injectable parameters and database schema. After executing the query constructed by this attack, the answers obtained can only be true or false. Injection methods based on inference are mainly divided into two types: time-determined injection and blind injection. The former is to add statements such as "waitfor 100" to the injection statement, and determine whether the injection is successful and the derivation of the data value range based on the time when the query result appears; the latter is mainly "and l=l", "and l= 2” Two classic injection methods. These methods all ask questions that are indirectly related and can obtain responses, and then infer the desired information through the response information, and then carry out attacks.
The above is the detailed content of How to perform sql injection. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1387
52
What is the difference between HQL and SQL in Hibernate framework?
Apr 17, 2024 pm 02:57 PM
HQL and SQL are compared in the Hibernate framework: HQL (1. Object-oriented syntax, 2. Database-independent queries, 3. Type safety), while SQL directly operates the database (1. Database-independent standards, 2. Complex executable queries and data manipulation).
Usage of division operation in Oracle SQL
Mar 10, 2024 pm 03:06 PM
"Usage of Division Operation in OracleSQL" In OracleSQL, division operation is one of the common mathematical operations. During data query and processing, division operations can help us calculate the ratio between fields or derive the logical relationship between specific values. This article will introduce the usage of division operation in OracleSQL and provide specific code examples. 1. Two ways of division operations in OracleSQL In OracleSQL, division operations can be performed in two different ways.
Comparison and differences of SQL syntax between Oracle and DB2
Mar 11, 2024 pm 12:09 PM
Oracle and DB2 are two commonly used relational database management systems, each of which has its own unique SQL syntax and characteristics. This article will compare and differ between the SQL syntax of Oracle and DB2, and provide specific code examples. Database connection In Oracle, use the following statement to connect to the database: CONNECTusername/password@database. In DB2, the statement to connect to the database is as follows: CONNECTTOdataba
Detailed explanation of the Set tag function in MyBatis dynamic SQL tags
Feb 26, 2024 pm 07:48 PM
Interpretation of MyBatis dynamic SQL tags: Detailed explanation of Set tag usage MyBatis is an excellent persistence layer framework. It provides a wealth of dynamic SQL tags and can flexibly construct database operation statements. Among them, the Set tag is used to generate the SET clause in the UPDATE statement, which is very commonly used in update operations. This article will explain in detail the usage of the Set tag in MyBatis and demonstrate its functionality through specific code examples. What is Set tag Set tag is used in MyBati
What does the identity attribute in SQL mean?
Feb 19, 2024 am 11:24 AM
What is Identity in SQL? Specific code examples are needed. In SQL, Identity is a special data type used to generate auto-incrementing numbers. It is often used to uniquely identify each row of data in a table. The Identity column is often used in conjunction with the primary key column to ensure that each record has a unique identifier. This article will detail how to use Identity and some practical code examples. The basic way to use Identity is to use Identit when creating a table.
How to implement Springboot+Mybatis-plus without using SQL statements to add multiple tables
Jun 02, 2023 am 11:07 AM
When Springboot+Mybatis-plus does not use SQL statements to perform multi-table adding operations, the problems I encountered are decomposed by simulating thinking in the test environment: Create a BrandDTO object with parameters to simulate passing parameters to the background. We all know that it is extremely difficult to perform multi-table operations in Mybatis-plus. If you do not use tools such as Mybatis-plus-join, you can only configure the corresponding Mapper.xml file and configure The smelly and long ResultMap, and then write the corresponding sql statement. Although this method seems cumbersome, it is highly flexible and allows us to
How to use SQL statements for data aggregation and statistics in MySQL?
Dec 17, 2023 am 08:41 AM
How to use SQL statements for data aggregation and statistics in MySQL? Data aggregation and statistics are very important steps when performing data analysis and statistics. As a powerful relational database management system, MySQL provides a wealth of aggregation and statistical functions, which can easily perform data aggregation and statistical operations. This article will introduce the method of using SQL statements to perform data aggregation and statistics in MySQL, and provide specific code examples. 1. Use the COUNT function for counting. The COUNT function is the most commonly used
How to solve the 5120 error in SQL
Mar 06, 2024 pm 04:33 PM
Solution: 1. Check whether the logged-in user has sufficient permissions to access or operate the database, and ensure that the user has the correct permissions; 2. Check whether the account of the SQL Server service has permission to access the specified file or folder, and ensure that the account Have sufficient permissions to read and write the file or folder; 3. Check whether the specified database file has been opened or locked by other processes, try to close or release the file, and rerun the query; 4. Try as administrator Run Management Studio as etc.
