SQL injection test Platform Sqlol-2.select injection test

In front, we have installed the sqlol, open http://localhost/sql/, first jump to http://localhost/sql/select.php, we first test from the Select module.

Slect module, with input processing and output processing, can be configured with different SQL injection situation, here first in the simplest, do not do any input processing of the situation to test, slowly in-depth, SQL configuration such as:

1. Input Test statement

2, display the complete SQL statement, easy to construct

3, choose the injection location (respectively 8 different injection location, below we take the injection position classification test)

One, the string in the WHERE clause

Tips: Character-type injection;

In the injection string, enter: admin, display the statement, select the injection position as the string in the WHERE clause, and return the information:

We can know that the admin we entered is stitched into the WHERE clause, and then we start to construct the POC:

Admin ' Union Select User () #

For example, we obtain the database user name ([email protected]), you can replace user () with other query statements to query other data.

Number in the WHERE clause

Tips: Similar to the string in the WHERE clause above, different, this is a digital injection;

In the injection string, enter: 1, display the statement, select the location of the injection, the data in the WHERE clause, the returned information is:

SELECT username from users WHERE isadmin = 1  

To construct a POC:

For example, we obtain the database user name.

Iii. the entire statement

Tips: You can execute any SQL statement directly

Enter in the injection string: SELECT * from Users,users is the database user table, displays the statement, selects the injection location as the entire statement, and returns the following information:

You can enter any SQL statement execution here.

Iv. Name of Column

Tips: Injection position in username

Username

How to use:

1. Query the Users table for input fields, or use * Instead, query all the data in the Users table

2, comment out the following statement, and select directly splicing, for example: the injection string location input version (), splicing into

Replace version (), enter additional database query statements to query other data

V. Name of Table

Tips: Injection locations in the table users

How to use:

1. Enter the correct table name, Union select query

　

Vi. ORDER BY clause

Tips: Injection locations in order by

When a union operation is used, the sort statement must be placed on the last side correctly, meaning that order by is only used in the last subquery of the Union, and therefore cannot be used here with union Slect.

How to use:

Error injection

1 and (select 1 from (SELECT COUNT (*), concat (select (SELECT DISTINCT concat (0x7e,schema_name,0x7e) from Informati On_schema.schemata limit 0,1)) from Information_schema.tables limit 0,1), floor (rand (0) *)) x from Information_ Schema.tables GROUP by X) a) #

Get the database sqlol, you can use other statements to continue the error injection.

Reference: http://www.myhack58.com/Article/html/3/7/2013/38704.htm

Vii. GROUP BY clause

Tips: Injection locations in GROUP by

The GROUP BY statement is used to combine aggregate functions to group result sets based on one or more columns.

How to use:

1, as with order by, direct error injection

2, in the MSSQL, you can use group by, have to explode the current column

Viii. HAVING clause

Tips:having Location

How to use:

Error injection

SQL injection test Platform Sqlol-2.select injection test