The secondary injection

One 、 Definition of secondary injection

Simply put, secondary injection is the user input that has been stored in the database , Go in when reading again SQL Injection in query statement .

Two 、 The principle of secondary injection

First step ： Insert malicious data

When inserting data into the database for the first time , Only special characters are escaped , When writing to the database, the original data is retained , But the data itself contains malicious content .

The second step ： Reference malicious data

After saving into the database , Developers believe that the data is credible , The next time you need to query , Propose malicious data directly from the database , No further inspection and treatment , Will cause sql Secondary injection data of

3、 ... and 、 Demonstration of the principle of secondary injection

1. open http://localhost/sqlilabs/Less-24/ , Is a user login page , Input admin;admin Log in

2. First, we click to register a new user  

username：admin'#  password:456 

3. Change the password of the current user again Change it to ：777

4. Return to the main page to log in admin account number , Use the original password ：admin , Found an error

5. In the login admin account number , Use the one just changed admin'# Password ：777, Found successful login

6. stay Navicat View database table in

Multi statement injection

  One 、 Prerequisites for multi statement injection

Source code usage mysqli_multi_query(); Multi statement query function , You can execute multiple at a time sql sentence , But in reality , Such as PHP In order to prevent SQL Mechanism , The functions that are often used to call the database are mysqli_ query() function , It can only execute one statement , What follows the semicolon will not be executed , Therefore, it can be said that the use conditions of stack injection are very limited , Once it can be used , It may pose a great threat to the website .