search
HomeDatabaseSQLDetailed introduction to sql injection

Detailed introduction to sql injection

1. First understand the principle of SQL injection:

SQL Injection: It is to insert SQL commands into the Web Submit a form or enter a domain name or query string for a page request, ultimately tricking the server into executing malicious SQL commands.

Specifically, it is the ability to use existing applications to inject (malicious) SQL commands into the backend database engine for execution. It can obtain an existence by entering (malicious) SQL statements in a web form. Security holes in the database on the website, rather than executing SQL statements as the designer intended. For example, many previous film and television websites leaked VIP membership passwords, mostly by submitting query characters through WEB forms. Such forms are particularly vulnerable to SQL injection attacks. (Sourced from Baidu)

That is to say, the website page contains parts that interact with the database (such as the search function of a news website), and when data is entered on the website, the data is programmed and passed to the database for execution. During the process, the website developers did not perform security processing on the corresponding data passed into the database (such as filtering special characters, encoding, etc.), allowing hackers to pass malicious code (that is, SQL commands containing illegal SQL statements) through the front end of the website. Enter the database and execute these SQL statements with hacker purposes in the database, causing database information leakage, damage and other consequences.

2. General classification of SQL injection

Classified according to injection point type

(1) Number Type injection point

Many web links have a similar structure http://www.example.com/12.php?id=1 Injections based on this form are generally called digital injection points , the reason is that the injection point id type is a number. In most web pages, such as viewing user personal information, viewing articles, etc., most of them use this form of structure to transfer id and other information, hand it to the backend, and query it out of the database The corresponding information is returned to the front desk. The prototype of this type of SQL statement is probably select * from table name where id=1. If there is injection, we can construct a SQL injection statement similar to the following for blasting: select * from table name where id=1 and 1=1

(2) Character injection point

The web link has a similar structure http://xwww.example.com/users.php?user=admin This form , the user type of its injection point is character type, so it is called character injection point. The prototype of this type of SQL statement is probably select * from table name where user='admin'. It is worth noting that compared with the numeric injection type SQL statement prototype, there are more quotes, which can be single quotes or double quotes. If there is injection, we can construct a SQL injection statement similar to the following for blasting: select * from table name where user='admin' and 1=1 ' We need to get rid of these annoying quotation marks.

(3) Search injection point

This is a special type of injection. This type of injection mainly refers to not filtering the search parameters when performing data searches. Generally, there is "keyword=keyword" in the link address. Some are not displayed in the link address, but are submitted directly through the search box form. The prototype of the SQL statement submitted by this type of injection point is roughly: select * from table name where field like '%keyword%' If there is injection, we can construct a SQL injection statement similar to the following for blasting: select * from table Name where field like '%test%' and '%1%'='%1%'

3. If you can determine whether there is SQL injection (novice summary, for reference only )

To put it simply:

All inputs may trigger SQL injection as long as they interact with the database

SQL injection is based on the data Submission methods can be divided into:

  (1) GET injection: The method of submitting data is GET, and the location of the injection point is in the GET parameter part. For example, there is such a link http://xxx.com/news.php?id=1, id is the injection point.

 (2) POST injection: Use POST method to submit data. The injection point is in the POST data part, which often occurs in forms.

 (3) Cookie injection: HTTP requests will bring the client's Cookie, and the injection point exists in a certain field in the Cookie.

 (4) HTTP header injection: The injection point is in a certain field in the HTTP request header. For example, it exists in the User-Agent field. Strictly speaking, Cookie should actually be considered a form of header injection. Because during HTTP requests, Cookie is a field in the header.

After classifying according to the submission method, you will find that the longest locations where SQL injection occurs are in the link address, data parameters, cookie information, and HTTP request headers.

After understanding the locations where SQL injection may exist, we need to determine whether SQL injection can be triggered at these locations. The simplest way is to enter and 1=1 (and the transformed form of and 1=1) at the corresponding location. judge. For different injection point types, single quotes need to be added appropriately for character types, but not for numeric injection points.

4. Advanced classification of SQL injection (classified according to execution effect)

 (1) Boolean-based blind injection: That is, the injection of true and false conditions can be judged based on the returned page.

 (2) Time-based blind injection: That is, no information can be judged based on the content returned by the page. Use conditional statements to check whether the time delay statement is executed (that is, whether the page return time increases). .

 (3) Injection based on error reporting: That is, the page will return error information, or the result of the injected statement will be returned directly to the page.

 (4) Union query injection: Injection in the case of union can be used.

 (5) Heap query injection: The injection of multiple statements can be executed at the same time.

 (6) Wide byte injection: Using gbk is a multi-byte encoding, two bytes represent a Chinese character

This article is for your study only. Never maliciously attack other people's websites.

Recommended tutorial: SQL online video tutorial

The above is the detailed content of Detailed introduction to sql injection. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:博客园. If there is any infringement, please contact admin@php.cn delete
SQL in Action: Real-World Examples and Use CasesSQL in Action: Real-World Examples and Use CasesApr 18, 2025 am 12:13 AM

In practical applications, SQL is mainly used for data query and analysis, data integration and reporting, data cleaning and preprocessing, advanced usage and optimization, as well as handling complex queries and avoiding common errors. 1) Data query and analysis can be used to find the most sales product; 2) Data integration and reporting generate customer purchase reports through JOIN operations; 3) Data cleaning and preprocessing can delete abnormal age records; 4) Advanced usage and optimization include using window functions and creating indexes; 5) CTE and JOIN can be used to handle complex queries to avoid common errors such as SQL injection.

SQL and MySQL: Understanding the Core DifferencesSQL and MySQL: Understanding the Core DifferencesApr 17, 2025 am 12:03 AM

SQL is a standard language for managing relational databases, while MySQL is a specific database management system. SQL provides a unified syntax and is suitable for a variety of databases; MySQL is lightweight and open source, with stable performance but has bottlenecks in big data processing.

SQL: The Learning Curve for BeginnersSQL: The Learning Curve for BeginnersApr 16, 2025 am 12:11 AM

The SQL learning curve is steep, but it can be mastered through practice and understanding the core concepts. 1. Basic operations include SELECT, INSERT, UPDATE, DELETE. 2. Query execution is divided into three steps: analysis, optimization and execution. 3. Basic usage is such as querying employee information, and advanced usage is such as using JOIN connection table. 4. Common errors include not using alias and SQL injection, and parameterized query is required to prevent it. 5. Performance optimization is achieved by selecting necessary columns and maintaining code readability.

SQL: The Commands, MySQL: The EngineSQL: The Commands, MySQL: The EngineApr 15, 2025 am 12:04 AM

SQL commands are divided into five categories in MySQL: DQL, DDL, DML, DCL and TCL, and are used to define, operate and control database data. MySQL processes SQL commands through lexical analysis, syntax analysis, optimization and execution, and uses index and query optimizers to improve performance. Examples of usage include SELECT for data queries and JOIN for multi-table operations. Common errors include syntax, logic, and performance issues, and optimization strategies include using indexes, optimizing queries, and choosing the right storage engine.

SQL for Data Analysis: Advanced Techniques for Business IntelligenceSQL for Data Analysis: Advanced Techniques for Business IntelligenceApr 14, 2025 am 12:02 AM

Advanced query skills in SQL include subqueries, window functions, CTEs and complex JOINs, which can handle complex data analysis requirements. 1) Subquery is used to find the employees with the highest salary in each department. 2) Window functions and CTE are used to analyze employee salary growth trends. 3) Performance optimization strategies include index optimization, query rewriting and using partition tables.

MySQL: A Specific Implementation of SQLMySQL: A Specific Implementation of SQLApr 13, 2025 am 12:02 AM

MySQL is an open source relational database management system that provides standard SQL functions and extensions. 1) MySQL supports standard SQL operations such as CREATE, INSERT, UPDATE, DELETE, and extends the LIMIT clause. 2) It uses storage engines such as InnoDB and MyISAM, which are suitable for different scenarios. 3) Users can efficiently use MySQL through advanced functions such as creating tables, inserting data, and using stored procedures.

SQL: Making Data Management Accessible to AllSQL: Making Data Management Accessible to AllApr 12, 2025 am 12:14 AM

SQLmakesdatamanagementaccessibletoallbyprovidingasimpleyetpowerfultoolsetforqueryingandmanagingdatabases.1)Itworkswithrelationaldatabases,allowinguserstospecifywhattheywanttodowiththedata.2)SQL'sstrengthliesinfiltering,sorting,andjoiningdataacrosstab

SQL Indexing Strategies: Improve Query Performance by Orders of MagnitudeSQL Indexing Strategies: Improve Query Performance by Orders of MagnitudeApr 11, 2025 am 12:04 AM

SQL indexes can significantly improve query performance through clever design. 1. Select the appropriate index type, such as B-tree, hash or full text index. 2. Use composite index to optimize multi-field query. 3. Avoid over-index to reduce data maintenance overhead. 4. Maintain indexes regularly, including rebuilding and removing unnecessary indexes.

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Best Graphic Settings
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
Will R.E.P.O. Have Crossplay?
1 months agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Safe Exam Browser

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

WebStorm Mac version

WebStorm Mac version

Useful JavaScript development tools

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

Atom editor mac version download

Atom editor mac version download

The most popular open source editor