当前位置：网站首页>[SQL injection point] location and judgment of the injection point

[SQL injection point] location and judgment of the injection point

2022-07-03 04:38:00 【Black zone (rise)】

Catalog

Two 、 Determine if the injection point exists

One 、 Four injection points

1.1、 brief introduction ：
The injection point we encounter is not necessarily in the form username Fields , Sometimes injection points are hidden in different places
Location of four common injection points ：GET Parameters in 、POST In request 、User-Agent in 、Cookies in

1.2、 classification ：
（1）GET Injection in parameter （URL）：
GET The injection point in is generally the easiest to find , Because we can get it in the address bar URL And parameters , It can be used Sqlmap Or manually verify whether there is injection .
（2）POST Injection in the request （ Grab the bag ）：
burp：POST Generally, we need to find the injection point in by capturing packets , It's like using Burp
plug-in unit ： Browser plug-in Hackbar To send the POST package .
Sqlmap Or manual verification .
（3）User-Agent Injection in （ Grab the bag ）：
burp： Find out User-Agent Injection in , have access to Burp Of Repeater modular
Sqlmap： take Sqlmap The parameter of is set to level=3, such Sqlmap It will automatically detect User-Agent Whether there is injection in .
（4）Cookies Injection in （ Browser plug-in 、 Grab the bag ）：
burp： seek Cookies Injection in , have access to Burp Of Repeater modular .
Sqlmap： The parameter can be set to level=2, such Sqlmap Will automatically detect Cookies Whether there is injection .
plug-in unit ： Browser modification cookie The plug-in can also be installed and used

Two 、 Determine if the injection point exists
1、 Determine if there is an injection point
（1） Modify the parameter value at the parameter position ,eg：id=1 It is amended as follows 2 Whether the data changes after
（2） Insert sheet 、 Detection method of double quotation marks （ Commonly used ）, Unclosed single quotation marks cause SQL Statement single quotation mark unclosed error prompt
2、 Determine whether the injection point is plastic or character
（1） Digital ： adopt and 1=1
（2） String type ： Closed single quotation mark test statement 'and'1'='1 Judge
3、 Determine the number of query Columns
order by or union select
4、 Judge the display bit
Error echo , Use the nonexistent id=-1 add union select……
perhaps and1=2 add union select……
The following are all through the error report , Construct the information to be found in the display bit
5、 Get all database names
6、 Get all the table names in the database
7、 Get field name
8、 Get the data in the field