[SQL injection point] Locating injection points and determining whether they exist
2022-07-03 04:38:00 【Black zone (rise)】
I. Four injection points
1.1 Introduction:
The injection point we encounter is not necessarily a form field such as username; sometimes injection points are hidden in other places.
The four common injection point locations are: GET parameters, POST requests, the User-Agent header, and Cookies.
1.2 Classification:
(1) Injection in GET parameters (URL):
Injection points in GET parameters are generally the easiest to find, because the URL and its parameters are visible in the address bar. Sqlmap or manual testing can be used to verify whether injection exists.
(2) Injection in POST requests (packet capture):
Burp: injection points in POST requests generally have to be found by capturing the request, for example with Burp.
Plug-in: the Hackbar browser plug-in can be used to send the POST request.
Sqlmap or manual verification.
(3) Injection in the User-Agent (packet capture):
Burp: to find injection in the User-Agent, Burp's Repeater module can be used.
Sqlmap: set Sqlmap's level parameter to 3 (level=3), and Sqlmap will automatically test whether the User-Agent is injectable.
(4) Injection in Cookies (browser plug-in, packet capture):
Burp: to look for injection in Cookies, Burp's Repeater module can be used.
Sqlmap: set the parameter to level=2, and Sqlmap will automatically test whether the Cookies are injectable.
Plug-in: a browser plug-in for modifying cookies can also be installed and used.
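Why all four locations matter to a defender, as an added example that is not part of the original post: any request value that reaches the SQL text is parsed as SQL, whether it arrives as a GET/POST parameter or as a User-Agent or Cookie value, and binding it as a parameter removes that. The table names, function names and sample values are assumptions made for this sketch, which uses Python's built-in sqlite3.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items(id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE visits(agent TEXT, session TEXT);
        INSERT INTO items VALUES (1, 'alpha'), (2, 'beta');
    """)
    return db

def lookup_concat(db, item_id):
    # Weak: the GET/POST value becomes part of the SQL text.
    return db.execute("SELECT name FROM items WHERE id = " + item_id).fetchall()

def lookup_bound(db, item_id):
    # Hardened: the value is bound as data and never parsed as SQL.
    return db.execute("SELECT name FROM items WHERE id = ?", (item_id,)).fetchall()

def log_visit_concat(db, user_agent, session):
    # Weak: header and cookie values are pasted between quotes.
    db.execute("INSERT INTO visits VALUES ('%s', '%s')" % (user_agent, session))

def log_visit_bound(db, user_agent, session):
    # Hardened: the same statement with placeholders.
    db.execute("INSERT INTO visits VALUES (?, ?)", (user_agent, session))

def raises_sql_error(fn, *args):
    """True if the call ends in a database error (the SQL error prompt)."""
    try:
        fn(*args)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    db = make_db()
    print(lookup_concat(db, "1 and 1=1"), lookup_concat(db, "1 and 1=2"))
    print(lookup_bound(db, "1 and 1=1"), lookup_bound(db, "1"))
    print(raises_sql_error(log_visit_concat, db, "Mozilla/5.0'", "abc"))
    print(raises_sql_error(log_visit_bound, db, "Mozilla/5.0'", "abc"))
```

With concatenation the appended condition changes the result set and a stray quote in the header breaks the statement; with bound parameters the same strings are stored or compared as plain data.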
II. Determining whether an injection point exists
1. Determine whether there is an injection point
(1) Modify the value at the parameter position, e.g. change id=1 to 2, and check whether the returned data changes.
(2) Single- and double-quote detection (commonly used): an unclosed single quote causes the SQL statement to return an "unclosed quotation mark" error message.
2. Determine whether the injection point is numeric (integer) or character type
(1) Numeric: test with and 1=1
(2) String: test with a statement that closes the single quote, 'and'1'='1
3. Determine the number of columns in the query
order by or union select
4. Determine the display positions
Error echo: use a nonexistent id=-1 together with union select……
or and 1=2 together with union select……
The following steps all use the error echo, constructing the information to be retrieved in the display positions.
5. Get all database names
6. Get all table names in the database
7. Get the field names
8. Get the data in the fields
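From the monitoring side, steps 1 to 4 above leave recognisable markers in request logs. The following detection sketch is an added example, not part of the original post: it checks the four locations from section I for those markers and groups the stages seen per client. The record schema, the regular expressions and the sample records are assumptions constructed for illustration and are not exhaustive.

```python
import re
from urllib.parse import unquote_plus

# Markers for steps 1-4 of section II (illustrative patterns, not exhaustive).
STAGES = [
    ("quote test", re.compile(r"['\"]$")),
    ("boolean test", re.compile(r"\band\s*'?\d+'?\s*=\s*'?\d+", re.I)),
    ("column count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
]
# Request-record keys (assumed log schema) mapped to the four locations.
LOCATIONS = {"query": "GET", "body": "POST",
             "user_agent": "User-Agent", "cookie": "Cookie"}

def field_values(key, raw):
    """Split a raw field into decoded values; User-Agent is one value."""
    if key == "user_agent":
        return [raw.strip()]
    pairs = re.split(r"[&;]", raw)
    return [unquote_plus(p.partition("=")[2]).strip() for p in pairs if "=" in p]

def scan_request(record):
    """Return (location, stage) for every marker found in one request."""
    hits = []
    for key, location in LOCATIONS.items():
        for value in field_values(key, record.get(key, "")):
            hits += [(location, name) for name, rx in STAGES if rx.search(value)]
    return hits

def stages_by_client(records):
    """Group the stages seen per client IP, in first-seen order."""
    seen = {}
    for record in records:
        found = [stage for _, stage in scan_request(record)]
        prior = seen.get(record["ip"], [])
        seen[record["ip"]] = list(dict.fromkeys(prior + found))
    return seen

# Constructed sample records; IPs are from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = [
    {"ip": "192.0.2.10", "query": "id=2"},
    {"ip": "192.0.2.10", "query": "id=1%27"},
    {"ip": "192.0.2.10", "query": "id=1+and+1%3D1"},
    {"ip": "192.0.2.10", "query": "id=1+order+by+3"},
    {"ip": "192.0.2.10", "query": "id=-1+union+select+1,2"},
    {"ip": "192.0.2.77", "user_agent": "Mozilla/5.0'"},
    {"ip": "192.0.2.77", "cookie": "sid=abc'and'1'='1; theme=dark"},
    {"ip": "192.0.2.77", "body": "user=bob&pass=x%22"},
]
```

A client whose requests walk through several stages in order, as 192.0.2.10 does in the sample, is a stronger signal than any single match, since a lone trailing quote also occurs in legitimate input.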