SQL查询结果集对注入的影响及利用_MySQL
对于注入而言,错误提示是极其重要。所谓错误提示是指和正确页面不同的结果反馈,高手是很重视这个一点的,这对于注入点的精准判断至关重要。本问讨论下关于几类错误和他产生的原理,希望对读者有所帮助。
错误提示主要有逻辑错误和语法错误以及脚本运行错误三类。
一:逻辑错误
简单的例子是1=1 1=2这两个,1=1与1=2页面不同的原理是什么?以$sql = “select * from news where id=$_GET[id]”为例。
select * from news where id=1 and 1=2产生的结果集为NULL,然后程序取值得时候,就会去出空值,无法显示。当然有的程序发现SQL执行结果集为空,就立即跳转,效果就不显鸟。值得注意的是,有的如Oracle Postgresql的数据库在结果集为空情况下会再页面上表现字符型null字样,这算是个特点。如果使用or条件,比如
select * from news where id=1 or 1=1
和and 1=2得结果正好相反,他的结果集十分庞大。如果SQL语句如此,再加上程序是循环读取结果集(一些编程上的陋习)那么会取出所有结果,结果可能运行很慢,在数据量巨大的oracle上容易出现。这个例子会出现什么呢,一般程序取出结果集中的第一条结果,那么很可能已经不是id=1的那条新闻了,这就是由些小菜奇怪有时候or 1=1页面会发生变化的原因。
归根到底,都是结果集不同造成的,灵活掌握是关键,这并非单纯的经验问题。
二:语法错误
语法错误时比较熟悉的,比如对于SQL Server,PgSQL,Sybase的注入错误提示都很重要,因为利用它的特性来获取信息很快速。语法错误造成的结果可能是SQL错误而中断脚本执行,但是脚本或服务器设置屏蔽错误的情况下,程序得到继续执行,但是结果集不存在,连NULL都算不上,反馈给攻击者的很可能就是结果集为空的情况,其实这是脚本的处理结果。当然Oracle PgSQL表现null。
三:运行错误不用说了,典型的就是利用mysql注入benchmark让脚本运行超时得到物理路径,以及利用超时来获得不同的表征进行盲注入。
四:逻辑错误和语法错误的结合。
当表征极不明显的时候,利用类似iff这样的函数进行正确与否的区分有时候会成救命稻草。因为语法错误和逻辑错误的表征大多数情况都会有不同。
iff(1=1,1,‘no’)这个会产生结果1 注意是数字,而iff(1=2,1,‘no’)这个会产生‘no’ 是字符。那么
id=1 and 1=iff(1=1,1‘no’)正确是必然成立的,而id=1 and 1=iff(1=2,1,‘no’)会因为类型不同发生语法错误。不过可惜的是似乎支持iff函数的数据库不多,呵呵。
现在讲结果集在注入中的利用原理。
一:从‘or’‘=’开始
这是学习SQL注入的初级课程,登陆漏洞。我简略从SQL结果集上分析。
$sql = “select top 1 * from admin where username=‘$username’ and password=md5(‘$password’)”;
显而易见,‘or’‘=’的加入使SQL语句返回了一条记录,这才使验证通过。
二:再看现在的验证中的SQL
$sql = “select top 1 * from admin where username=‘$username’”;
结果集不为空才根据抽取的记录集中的密码值与用户提交的密码MD5值进行比对来进行验证。这样,你突然发现‘or’‘=’的计策失败鸟,但是后台明明有注入,这就是验证方法造成的。跟进这个验证过程,‘or’‘=’的确产生了一个结果集(admin表中的第一行记录)但是遗憾的事,后来的密码比对没法通过,验证无法成功。
思路很简单,网上有案例,我重在原理,利用union来产生想要的结果集。比如‘and(1=2)union select top 1 username,’123456得md5值‘,id from admin where username=’admin
这样产生了admin的记录信息,但是记录集中的密码那个位置的值被替换成了123456的md5值,这样,使用admin 123456通过验证并且继承他的权利。
更有甚者全部用‘xxx’的方法来盲狙,这就很“过分”鸟。不过在sql2000 sybase这些严格要求类型匹配的数据库来说,这样不能撼动“管理员登陆”的,因为执行时发生了语法错误,结果集为NULL。另外以前ewebeditor注入漏洞来上传马也是这个union操作结果集来达到目的的经典案例。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
VBOX_E_OBJECT_NOT_FOUND(0x80bb0001)VirtualBox error
Mar 24, 2024 am 09:51 AM
When trying to open a disk image in VirtualBox, you may encounter an error indicating that the hard drive cannot be registered. This usually happens when the VM disk image file you are trying to open has the same UUID as another virtual disk image file. In this case, VirtualBox displays error code VBOX_E_OBJECT_NOT_FOUND(0x80bb0001). If you encounter this error, don’t worry, there are some solutions you can try. First, you can try using VirtualBox's command line tools to change the UUID of the disk image file, which will avoid conflicts. You can run the command `VBoxManageinternal
How effective is receiving phone calls using airplane mode?
Feb 20, 2024 am 10:07 AM
What happens when someone calls in airplane mode? Mobile phones have become one of the indispensable tools in people's lives. It is not only a communication tool, but also a collection of entertainment, learning, work and other functions. With the continuous upgrading and improvement of mobile phone functions, people are becoming more and more dependent on mobile phones. With the advent of airplane mode, people can use their phones more conveniently during flights. However, some people are worried about what impact other people's calls in airplane mode will have on the mobile phone or the user? This article will analyze and discuss from several aspects. first
How to turn off the comment function on TikTok? What happens after turning off the comment function on TikTok?
Mar 23, 2024 pm 06:20 PM
On the Douyin platform, users can not only share their life moments, but also interact with other users. Sometimes the comment function may cause some unpleasant experiences, such as online violence, malicious comments, etc. So, how to turn off the comment function of TikTok? 1. How to turn off the comment function of Douyin? 1. Log in to Douyin APP and enter your personal homepage. 2. Click "I" in the lower right corner to enter the settings menu. 3. In the settings menu, find "Privacy Settings". 4. Click "Privacy Settings" to enter the privacy settings interface. 5. In the privacy settings interface, find "Comment Settings". 6. Click "Comment Settings" to enter the comment setting interface. 7. In the comment settings interface, find the "Close Comments" option. 8. Click the "Close Comments" option to confirm closing comments.
File Inclusion Vulnerabilities in Java and Their Impact
Aug 08, 2023 am 10:30 AM
Java is a commonly used programming language used to develop various applications. However, just like other programming languages, Java has security vulnerabilities and risks. One of the common vulnerabilities is the file inclusion vulnerability (FileInclusionVulnerability). This article will explore the principle, impact and how to prevent this vulnerability. File inclusion vulnerabilities refer to the dynamic introduction or inclusion of other files in the program, but the introduced files are not fully verified and protected, thus
The impact of data scarcity on model training
Oct 08, 2023 pm 06:17 PM
The impact of data scarcity on model training requires specific code examples. In the fields of machine learning and artificial intelligence, data is one of the core elements for training models. However, a problem we often face in reality is data scarcity. Data scarcity refers to the insufficient amount of training data or the lack of annotated data. In this case, it will have a certain impact on model training. The problem of data scarcity is mainly reflected in the following aspects: Overfitting: When the amount of training data is insufficient, the model is prone to overfitting. Overfitting refers to the model over-adapting to the training data.
What problems will bad sectors on the hard drive cause?
Feb 18, 2024 am 10:07 AM
Bad sectors on a hard disk refer to a physical failure of the hard disk, that is, the storage unit on the hard disk cannot read or write data normally. The impact of bad sectors on the hard drive is very significant, and it may lead to data loss, system crash, and reduced hard drive performance. This article will introduce in detail the impact of hard drive bad sectors and related solutions. First, bad sectors on the hard drive may lead to data loss. When a sector in a hard disk has bad sectors, the data on that sector cannot be read, causing the file to become corrupted or inaccessible. This situation is especially serious if important files are stored in the sector where the bad sectors are located.
What specific impact do mine cards have on the game?
Jan 03, 2024 am 09:05 AM
Some users may consider buying mining cards for the sake of cheapness. After all, these cards are top-notch graphics cards. However, some gamers are worried about the impact of mining cards on playing games. Let’s take a look at the detailed introduction below. What are the effects of using a mining card to play games: 1. The stability of playing games with a mining card cannot be guaranteed, because the life of the mining card is very short and it is likely to become useless after just playing. 2. The mining card is basically a castrated version of the original version. Due to long-term wear and tear, the performance in all aspects may be weak. 3. In this way, users may not be able to display all the effects of the game when playing the game. 4. Moreover, the electronic components of the graphics card will age in advance, not to mention that playing games also consumes the graphics card, so it is drained to a greater extent, so the impact on the game is great. 5. In general, use mining cards to play games
What are the effects of low graphics card configuration?
Feb 15, 2024 pm 03:27 PM
The running quality of a computer basically has a huge impact on its graphics card. Some users don’t know much about graphics cards, and they don’t know exactly what aspects of the computer the graphics card will affect. For your convenience, here is what you need to know: Let’s introduce some effects of low graphics card configuration. What are the effects of low graphics card configuration? Answer: 1. Some large-scale 3D games cannot run. 2. When playing some high-definition videos, the computer will be under great pressure. 3. For some more professional software, there is no way to run it well when drawing and 3D model rendering are required. 4. If the graphics card configuration is low, the game will not be able to open, or it will frequently crash or freeze, and the computer will also have a blurred screen or a blue screen. 5. The most important thing in the game is the graphics card, because many pictures require
