The principle of SQL injection attack
The principle of sql injection attack
Malicious users insert SQL statements into the request content during the process of submitting query requests, and at the same time the program itself Excessive trust in user input content without filtering SQL statements inserted by malicious users, resulting in SQL statements being directly executed by the server.
SQL injection attack classification
(1) Different classifications of injection points
Injection of numeric type Injection of string type
(2) Different classifications of submission methods
GET injection POST injection COOKIE injection HTTP injection
(3) Different classifications of methods of obtaining information
Boolean-based blind injection based on Time blind injection based on error reporting
SQL injection attack case:
1. View the injection case of the article:
View the injection case of a certain article If the url parameter is: ?id=1
, then by injecting the command: ?id=1 or 1=1, you can list all the articles in the entire data table.
If the viewing user is accessed through user_id, such as:? uid=1
By injecting the command:?id=1 or 1=1, you can display all the records of the entire user table
The SQL command is as follows:
The SQL command that passes ?id=1 is: select * from article where id=1. This statement queries 1 structure
The SQL command that passes ?id=1 and 1=1 is: select * from article where id=1 or 1=1, this statement queries the records of the entire table
2. User login injection case:
The login form has the user_name field, and the query statement is: select * from users where nickname='{user_name}'
You can fill in the user_name text box: (' or 1='1), so that the injected SQL command can be constructed: select * from users where user_name='' or 1='1', so it is easy to enter the system.
3. SQL injection table guessing:
Fill in the username field on the login page: (' or 1=(select count(0) from t_porg_document) or 1='1), The injected SQL command can be constructed: select * from users where user_name='' or 1=(select count(0) from recharge) or 1='1'
This way you can guess whether the recharge table exists. If it exists, the statement will be executed normally, otherwise an error will be reported.
After guessing the table name, you can add, delete, modify and check the data table, such as:
In the user name field of the login page, fill in: ('; delete from users), Dangerous SQL commands can be constructed: select * from users where user_name=''; delete from users;
By adding semicolons, arbitrary additions, deletions, modifications, and query SQL statements can be constructed, and the entire database can be manipulated by the attacker at will. Controlled.
PHP Chinese website has a large number of free SQL tutorials, everyone is welcome to learn!
The above is the detailed content of The principle of SQL injection attack. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
What is the difference between HQL and SQL in Hibernate framework?
Apr 17, 2024 pm 02:57 PM
HQL and SQL are compared in the Hibernate framework: HQL (1. Object-oriented syntax, 2. Database-independent queries, 3. Type safety), while SQL directly operates the database (1. Database-independent standards, 2. Complex executable queries and data manipulation).
Usage of division operation in Oracle SQL
Mar 10, 2024 pm 03:06 PM
"Usage of Division Operation in OracleSQL" In OracleSQL, division operation is one of the common mathematical operations. During data query and processing, division operations can help us calculate the ratio between fields or derive the logical relationship between specific values. This article will introduce the usage of division operation in OracleSQL and provide specific code examples. 1. Two ways of division operations in OracleSQL In OracleSQL, division operations can be performed in two different ways.
Comparison and differences of SQL syntax between Oracle and DB2
Mar 11, 2024 pm 12:09 PM
Oracle and DB2 are two commonly used relational database management systems, each of which has its own unique SQL syntax and characteristics. This article will compare and differ between the SQL syntax of Oracle and DB2, and provide specific code examples. Database connection In Oracle, use the following statement to connect to the database: CONNECTusername/password@database. In DB2, the statement to connect to the database is as follows: CONNECTTOdataba
Detailed explanation of the Set tag function in MyBatis dynamic SQL tags
Feb 26, 2024 pm 07:48 PM
Interpretation of MyBatis dynamic SQL tags: Detailed explanation of Set tag usage MyBatis is an excellent persistence layer framework. It provides a wealth of dynamic SQL tags and can flexibly construct database operation statements. Among them, the Set tag is used to generate the SET clause in the UPDATE statement, which is very commonly used in update operations. This article will explain in detail the usage of the Set tag in MyBatis and demonstrate its functionality through specific code examples. What is Set tag Set tag is used in MyBati
Analysis of the function and principle of nohup
Mar 25, 2024 pm 03:24 PM
Analysis of the role and principle of nohup In Unix and Unix-like operating systems, nohup is a commonly used command that is used to run commands in the background. Even if the user exits the current session or closes the terminal window, the command can still continue to be executed. In this article, we will analyze the function and principle of the nohup command in detail. 1. The role of nohup: Running commands in the background: Through the nohup command, we can let long-running commands continue to execute in the background without being affected by the user exiting the terminal session. This needs to be run
What does the identity attribute in SQL mean?
Feb 19, 2024 am 11:24 AM
What is Identity in SQL? Specific code examples are needed. In SQL, Identity is a special data type used to generate auto-incrementing numbers. It is often used to uniquely identify each row of data in a table. The Identity column is often used in conjunction with the primary key column to ensure that each record has a unique identifier. This article will detail how to use Identity and some practical code examples. The basic way to use Identity is to use Identit when creating a table.
How to solve the 5120 error in SQL
Mar 06, 2024 pm 04:33 PM
Solution: 1. Check whether the logged-in user has sufficient permissions to access or operate the database, and ensure that the user has the correct permissions; 2. Check whether the account of the SQL Server service has permission to access the specified file or folder, and ensure that the account Have sufficient permissions to read and write the file or folder; 3. Check whether the specified database file has been opened or locked by other processes, try to close or release the file, and rerun the query; 4. Try as administrator Run Management Studio as etc.
Database technology competition: What are the differences between Oracle and SQL?
Mar 09, 2024 am 08:30 AM
Database technology competition: What are the differences between Oracle and SQL? In the database field, Oracle and SQL Server are two highly respected relational database management systems. Although they both belong to the category of relational databases, there are many differences between them. In this article, we will delve into the differences between Oracle and SQL Server, as well as their features and advantages in practical applications. First of all, there are differences in syntax between Oracle and SQL Server.
