SQL injection HTTP header injection
2022-07-07 05:04:00 【In a word, the Trojan horse (the growth road of Wang an Xiaobai)】
Catalog
One. HTTP header injection - User-Agent
Two. HTTP header injection - X-Forwarded-For
Three. HTTP header injection - Referer
One. HTTP header injection - User-Agent
1. What is User-Agent?
The user agent (User Agent, abbreviated UA) is a special string header that lets the server identify the client's operating system and version, CPU type, browser and version, browser rendering engine, browser language, browser plug-ins, and so on.
2. Principle of HTTP header (User-Agent) injection
Because the back end saves the User-Agent value to the database, SQL injection is possible at this point.
3. Performing HTTP header (User-Agent) injection
3.1. Open sqlilabs/Less-18/index.php. Before entering the user name and password, start Burp Suite. Click submit to capture the packet.
3.2. Work on the captured packet in Burp Suite's Repeater module.
3.3. First, add a character to the User-Agent to see whether it causes an error, then try to close the quote.
3.4. The quote closes. Because and '1'='1 is used to close it, the payload has to be written in front of that and.
3.5. Because the error message is echoed back, error-based injection can be used to get the current database.
payload:' and updatexml(1,concat(0x7e,(select database()),0x7e),1) and '1'='1
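The principle above, seen from the back end, as an added example that is not code from the original post or from sqli-labs: a header-logging INSERT built by string concatenation next to the parameterized form. It assumes Python's sqlite3 with an in-memory database standing in for the lab's PHP/MySQL (so the injected text fails as SQL instead of echoing data), and the table header_log and all function names are hypothetical.

```python
import sqlite3

# The User-Agent value quoted on this page, used here as constructed test input.
PAYLOAD = "' and updatexml(1,concat(0x7e,(select database()),0x7e),1) and '1'='1"


def new_db():
    # Hypothetical logging table; the lab's real schema is not shown on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE header_log (uagent TEXT, ip TEXT, username TEXT)")
    return db


def log_concatenated(db, uagent, ip, user):
    # Vulnerable pattern: the header text becomes part of the SQL statement,
    # so a quote in it ends the string literal and the rest is parsed as SQL.
    db.execute(
        "INSERT INTO header_log (uagent, ip, username) "
        f"VALUES ('{uagent}', '{ip}', '{user}')"
    )


def log_parameterized(db, uagent, ip, user):
    # Hardened pattern: the statement text is fixed; values travel separately
    # and are never parsed as SQL.
    db.execute(
        "INSERT INTO header_log (uagent, ip, username) VALUES (?, ?, ?)",
        (uagent, ip, user),
    )


def try_log(log_fn, uagent):
    """Log one request and report ('stored', value) or ('sql-error', message)."""
    db = new_db()
    try:
        log_fn(db, uagent, "127.0.0.1", "admin")
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))
    return ("stored", db.execute("SELECT uagent FROM header_log").fetchone()[0])


if __name__ == "__main__":
    for fn in (log_concatenated, log_parameterized):
        for ua in ("Mozilla/5.0", "Mozilla/5.0'", PAYLOAD):
            print(fn.__name__, repr(ua[:20]), "->", try_log(fn, ua)[0])
```

A database error triggered by a quote in a request header, as in step 3.3, is the signal that the concatenated form is in use.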
Two. HTTP header injection - X-Forwarded-For
1. What is X-Forwarded-For?
X-Forwarded-For (XFF) is the HTTP request header field used to identify the original client IP address of a request that reaches the web server through an HTTP proxy or a load balancer.
Purpose: get the real IP of the HTTP requester.
2. Principle of X-Forwarded-For injection
X-Forwarded-For injection works on a similar principle to User-Agent injection: the back end saves the value to the database.
3. Performing X-Forwarded-For injection
3.1. Open sqlilabs/Less-18/index.php. Before entering the user name and password, start Burp Suite. Click submit to capture the packet.
3.2. Add the X-Forwarded-For field. Before the field is added, the address shown is the host address.
3.3. After the X-Forwarded-For field is added, the IP address shown is the IP address from the field.
3.4. Add a single quotation mark after the field value to see whether it causes an error.
3.5. Try to close the quote.
3.6. Use error-based injection to obtain the name of the current database.
payload:X-forwarded-for:172.63.25.3' and updatexml(1,concat(0x7e,(select database()),0x7e),1) and '1'='1
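Because X-Forwarded-For is supposed to carry only IP addresses, the back end can also refuse anything else before the value gets near a query. The following is an added example, not code from the original post or from sqli-labs; the trusted proxy address 10.0.0.5 and the function name client_ip are assumptions made for illustration.

```python
import ipaddress

# Hypothetical deployment detail: the reverse proxies this site operates.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def client_ip(peer_ip, xff_header):
    """Return the client address to log, as an ipaddress object.

    peer_ip is the address of the TCP peer; xff_header is the raw
    X-Forwarded-For value, or None when the header is absent.
    """
    peer = ipaddress.ip_address(peer_ip)
    # A peer that is not one of our proxies can put anything in the header,
    # so the header is ignored and the peer address is used.
    if peer not in TRUSTED_PROXIES or not xff_header:
        return peer
    hops = []
    for part in xff_header.split(","):
        try:
            hops.append(ipaddress.ip_address(part.strip()))
        except ValueError:
            # Any element that is not an IP literal invalidates the header.
            return peer
    # Walk from the hop nearest to us outwards, skipping our own proxies;
    # the first other address is the client as seen by our infrastructure.
    for hop in reversed(hops):
        if hop not in TRUSTED_PROXIES:
            return hop
    return peer


if __name__ == "__main__":
    # Constructed sample values; the last one is the header value from this page.
    samples = [
        ("203.0.113.9", "172.63.25.3"),
        ("10.0.0.5", "172.63.25.3"),
        ("10.0.0.5", "198.51.100.7, 10.0.0.5"),
        ("10.0.0.5", "172.63.25.3' and updatexml(1,concat(0x7e,"
                     "(select database()),0x7e),1) and '1'='1"),
    ]
    for peer, xff in samples:
        print(peer, "|", xff[:24], "->", client_ip(peer, xff))
```

The returned object is a parsed address, so what reaches the logging statement is its canonical text form; the statement itself should still be parameterized.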
Three. HTTP header injection - Referer
1. What is Referer?
Referer is a field in the HTTP request header of the request packet; it indicates where this URL came from.
2. Principle of Referer injection
Similar to the two above: the back-end code saves the value of the Referer field to the database.
3. Performing Referer injection
3.1. Open sqlilabs/Less-19/index.php. Before entering the user name and password, start Burp Suite. Click submit to capture the packet.
3.2. Add a single quotation mark directly after the field value to see whether it causes an error.
3.3. Try to close the quote; and '1'='1 closes it successfully.
3.4. Use error-based injection to view the current database name.
payload:' and extractvalue(1,concat(0x7e,(select database()),0x7e)) and '1'='1