SQL Inject the foundation

Access Inject +Access Offset Injection

• Digital SQL Inject

  Pure number , example ：id=1

• Search type SQL Inject

  Directly inject... Into the search box

• Character SQL Inject

  The argument is a string ,id=shangpin1

Be careful ： Injection is based on the database, not the scripting language

SQL The principle of injection generation is analyzed in detail

Controllable variable , Bring in the database query , The variable does not exist or the filtering is not rigorous

The following existence injection is

www.abc.com/index.php?id=10
www.abc.com/?id=10
www.abc.com/?id=10&x=1
www.abc.com/index.php

All possible , however www.abc.com/index.php May be post Inject

Parameters x There is injection , Which of the following injection tests is correct

www.abc.com/news.php?y=1 and 1=1&x=2
www.abc.com/news.php?y=1&x=1 and 1=1
www.abc.com/news.php?y=1 and 1=1&x=2 and 1=1
www.abc.com/news.php?xx=1 and 1=1&xxx=2 and 1=1

b and c correct

because x Injection of being , So the injection statement should be given to x Back

Various databases

Access,MySQL,msSQL,MongoDB,postgresql,sqlite,Oracle,sybase Such as the database , except access The composition of other databases is roughly the same

Access

 Table name 
	 Name 
		 data 

MySQL,msSQL etc.

 Database name A
	 Table name 
		 Name 
			 data 
 Database name 
	 Table name 
		 Name 
			 data 

No matter what database , It needs to be injected step by step , Data cannot be injected directly