In the previous Boven introduced how to do the ASP website manual injection, the ASP website mostly uses the access or the MSSQL database, therefore so-called for ASP's SQL injection actually is according to the access or the MSSQL database characteristic to construct the query statement. In addition, for the PHP site is mostly the use of MySQL database, here to be manually injected when the query statement used is not the same, and relatively complex. To better understand, before the injection of the PHP site, it is necessary to understand some basic features of MySQL and common operation statements.
First, you need to build a MySQL lab environment, which is recommended to install MySQL services on Linux systems.
After mounting the disc and setting up the Yum source, install the run MySQL service.
# yum install MySQL installation mysql
# service mysqld start running MySQL
MySQL default administrator account is root, no password, so you can execute "mysql–u root" command, log in as root user MySQL. However, it is advisable to use the Mysqladmin command tool to set a password for the root user and then log in to MySQL with a password.
650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201411/1/70821_1414800260T1J2.png" height= "205"/>
After logging in to MySQL, you can operate in an interactive command environment with the prompt "mysql>". In this operating environment, each database management command entered must have a semicolon ";" Indicates the end, which can be case insensitive.
(1) View basic information
Execute "select version ();" command to view the MySQL version, you can see that the current version is 5.0.77.
Mysql> select version ();
+-----------+
| Version () |
+-----------+
| 5.0.77 |
+-----------+
1 row in Set (0.00 sec)
Execute "SELECT @ @version_compile_os;" command to view the operating system version, you can see that the current system is Redhat Linux.
Mysql> SELECT @ @version_compile_os;
+----------------------+
| @ @version_compile_os |
+----------------------+
| Redhat-linux-gnu |
+----------------------+
1 row in Set (0.00 sec)
Execute "Select User ();" command to view the current user, you can see that the current user is root.
Mysql> Select User ();
+----------------+
| User () |
+----------------+
| [Email protected] |
+----------------+
1 row in Set (0.07 sec)
Execute "SELECT database ();" command to view the currently open database, you can see that no database is currently open (NULL).
Mysql> Select Database ();
+------------+
| Database () |
+------------+
| NULL |
+------------+
1 row in Set (0.01 sec)
(2) View the list of databases
Execute "show databases;" command to see which databases the MySQL party contains, by default 3 databases are built into MySQL: information_schema, MySQL, test.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| Information_schema |
| MySQL |
| Test |
+--------------------+
3 Rows in Set (0.00 sec)
(3) Switch database
Execute the "Use information_schema;" Command to open the INFORMATION_SCHEMA database.
mysql> use INFORMATION_SCHEMA;
Reading table information for completion of table and column names
Can turn off this feature to get a quicker startup with-a
Database changed
INFORMATION_SCHEMA is a database that comes with the default in a later version of MySQL5, which contains information about all the other databases created by the user in MySQL. Therefore, in the PHP injection, it is mainly for the database operation.
(4) Displaying tables in the database
After opening the database, execute "show tables;" command to display the tables contained in the database. 17 tables were included in the information_schema of the CPC.
Mysql> Show tables;
+---------------------------------------+
| Tables_in_information_schema |
+---------------------------------------+
| Character_sets |
| Collations |
| collation_character_set_applicability |
| COLUMNS |
| Column_privileges |
| Key_column_usage |
| PROFILING |
| ROUTINES |
| schemata |
| Schema_privileges |
| STATISTICS |
| TABLES |
| table_constraints |
| Table_privileges |
| TRIGGERS |
| User_privileges |
| views |
+---------------------------------------+
$ rows in Set (0.00 sec)
The more important in these tables are:
Schemata: The name used to store all other databases.
Tables: The name of the table used to hold all databases in MySQL.
Columns: The name of all the fields in all the tables that are used to hold all the databases in MySQL.
(5) Display the contents of the table
Execute "SELECT * from Schemata;" command to display all the contents of the Schemata table:
650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201411/1/70821_1414800261NlEU.png" height= "148"/>
As can be seen from the results of the command display, the current system contains 3 databases, which is consistent with the results previously seen.
(6) Use the INFORMATION_SCHEMA database to view the contents of all other databases
With this basic knowledge in mind, we can look at what we care about in all other databases through the INFORMATION_SCHEMA database.
For a better demonstration, let's exit the MySQL environment and then log back in again by executing the "exit" command.
After logging in, we will not open any databases first.
If we want to know which tables are included in the MySQL database, we can execute the command:
650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201411/1/70821_1414800261u4Gm.png" height= "380"/>
Since we do not have any databases open at the moment, "Information_schema.tables" represents the tables table in the Information_shema database, as described earlier in this table, which contains the names of all other tables in the database.
"table_name" is the field in tables that holds the table name, and "Tables_schema" is the field in tables that holds the name of the database.
If we want to know what fields are included in the user table of the MySQL database, you can execute the command:
650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201411/1/70821_1414800262UUNb.png" height= "257"/>
With this knowledge in hand, we can then do a manual PHP injection.
This article from "a pot of turbid wine" blog, reproduced please contact the author!
Network security Series 18 MySQL basic operations (PHP injection Basics)
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
