1. Problem: the site is vulnerable to SQL injection; the databases in use, their tables, and the data in them can all be viewed.
2. Solution: harden both the front end and the back end, and the underlying SQL queries must be parameterized.
Tool used for the injection analysis: sqlmap
First, install the sqlmap tool
1. Before installing, set up a Python environment. Installation reference: http://blog.csdn.net/baigoocn/article/details/51456721, which has instructions.
2. Download the sqlmap toolkit and place the files in a sqlmap directory under the installation directory of the Python environment.
Run sqlmap.py -h; if the help information is displayed, the installation succeeded.
3. Common parameters
-u: specify the injection point URL
--dbs: list all database names (note the two leading dashes)
--current-db: the database currently in use by the web application
--current-user: the database account the web application uses
--users: all users
--passwords: database accounts and passwords
-D tourdata --tables: -D specifies the database name; --tables lists its tables
-D tourdata -T userb --columns: -D specifies the database name; -T specifies the table whose fields are listed; --columns lists the fields
-D tourdata -T userb -C "Email,username,userpassword" --dump: -C specifies the fields to extract; --dump exports the results
--start 1 --stop 10: export only a specific range of rows; --start gives the first row and --stop gives the last row
(Reference: http://blog.csdn.NET/zgyulongfei/article/details/41017493)
--current-db --current-user
D:\python27\sqlmap>sqlmap.py -u http://xxx.com/cms/xxx_view.aspx?cpn_id=fb509dacdd224a179fde6e71e824ec95 --current-db
--users
-D Fjhba --tables
Further parameters retrieve more of the related information.
Being able to run the operations above means the data has been completely exposed, which is very dangerous!
String splicing (concatenation) is not allowed when writing any SQL statement!
Writing the query in the following way carries an injection risk:
select * from TableA where col1 = ' + ColId + ';
Use the parameterized form instead, passing the value as a parameter.
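The contrast between splicing and the parameter form, as an added example that is not from the original post. Python's sqlite3 with an in-memory database stands in for the site's database; the rows, the function names and the 32-hex-character id format are constructed assumptions, while TableA, col1 and ColId follow the statement above.

```python
import re
import sqlite3

def make_db():
    # Constructed sample rows; SQLite in memory stands in for the real database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TableA (col1 TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO TableA VALUES (?, ?)",
        [("a" * 32, "public page"), ("b" * 32, "unpublished draft")],
    )
    return conn

def lookup_concat(conn, col_id):
    # The pattern the article warns about: the input is spliced into the SQL
    # text, so a quote inside col_id is parsed as SQL instead of as data.
    sql = "select * from TableA where col1 = '" + col_id + "';"
    return conn.execute(sql).fetchall()

def lookup_param(conn, col_id):
    # Parameter form: the statement is parsed with a placeholder and the value
    # is bound afterwards, so it is only ever compared against col1.
    return conn.execute(
        "select * from TableA where col1 = ?", (col_id,)
    ).fetchall()

# Assumption: ids are 32 hex characters, like the cpn_id in the article's URL.
ID_FORMAT = re.compile(r"[0-9a-f]{32}")

def lookup_hardened(conn, col_id):
    # Front-side check plus bound parameter: reject malformed ids before they
    # reach the database, then query with the parameter form.
    if not ID_FORMAT.fullmatch(col_id):
        raise ValueError("malformed id")
    return lookup_param(conn, col_id)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("spliced:", lookup_concat(db, crafted))   # every row comes back
    print("bound:  ", lookup_param(db, crafted))    # no row matches
    print("valid:  ", lookup_hardened(db, "a" * 32))
```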
This article is from the "Frog Qing" blog; please be sure to keep this source: http://wuxueqing.blog.51cto.com/13389311/1973704
Analysis and solution of site SQL injection problem