当前位置：网站首页>[SQL injection] joint query (the simplest injection method)

[SQL injection] joint query (the simplest injection method)

2022-07-03 04:38:00 【Black zone (rise)】

Catalog

One 、 Introduce ：
Is the simplest injection method
Joint query injection Error reporting query injection Boolean Injection Delay Injection Stack query Injection

Two 、 principle ：
It is a collection of results that can merge multiple queries , seeing the name of a thing one thinks of its function , Is to append one table to another table , So as to realize the combination of query results .
stay URL In the parameter position of , Inject the constructed statement into the parameter position
select （ Original query content ） union select （ The content of the structure ）

3、 ... and 、 Prerequisite
① There are injection points , That is, it is not filtered
② There are display bits , The result can be echoed
③ The number of columns in the two tables is the same , namely order by or union select To judge column Count
④ Same data type

Four 、 Use process
1、 Determine if there is an injection point
（1） Modify the parameter value at the parameter position ,eg：id=1 It is amended as follows 2 Whether the data changes after
（2） Insert sheet 、 Detection method of double quotation marks （ Commonly used ）, Unclosed single quotation marks cause SQL Statement single quotation mark unclosed error prompt
2、 Determine whether the injection point is plastic or character
（1） Digital ： adopt and 1=1
（2） String type ： Closed single quotation mark test statement 'and'1'='1 Judge
3、 Determine the number of query Columns
order by or union select
4、 Judge the display bit
Error echo , Use the nonexistent id=-1 add union select……
perhaps and1=2 add union select……
The following are all through the error report , Construct the information to be found in the display bit
5、 Get all database names
6、 Get all the table names in the database
7、 Get field name
8、 Get the data in the field