SQL injection: when is SQL used? Whenever the application accesses the database. SQL injection therefore directly threatens the data source, and once the database is under threat, can the site still run normally?
SQL injection means inserting SQL commands into a Web form submission, or into the query string of a domain name or page request, so that the server is ultimately tricked into executing malicious SQL commands. Specifically, it is the ability to use an existing application to inject (malicious) SQL commands into the back-end database engine for execution: by entering (malicious) SQL statements in a Web form, one can obtain the database of a Web site that has a security vulnerability, instead of the SQL statements being executed as the designer intended. [1] For example, many film and television sites previously leaked VIP member passwords, mostly exposed through query characters submitted via Web forms; such forms are particularly vulnerable to SQL injection attacks.
According to the underlying technical principle, SQL injection can be divided into platform-layer injection and code-layer injection. The former is caused by an insecure database configuration or a vulnerability in the database platform; the latter is mainly due to the programmer not carefully filtering the input, so that an illegal data query is executed. Based on this, the causes of SQL injection usually show up in the following aspects: ① improper type handling, ② insecure database configuration, ③ unreasonable query set processing, ④ improper error handling, ⑤ improper escape character handling, ⑥ improper handling of multiple commits.
Injection method:
1. Guessing table names, column names, etc.
Guess the table name first:
and (select count(*) from table name) <> 0
Then guess the column name:
and (select count(column name) from table name) <> 0
Or you can do it this way:
and exists (select * from table name)
and exists (select column name from table name)
If the page returns normally, the guessed table or column name is correct.
2. Backend authentication bypass vulnerability
The authentication bypass vulnerability is the 'or'='or' backend bypass vulnerability. It uses the evaluation rules of AND and OR to cause a logic error in the backend script.
For example, suppose the administrator's account and password are both admin, and the backend database query statement is:
user = request("user")
passwd = request("passwd")
sql = "select admin from adminbate where user='" & user & "' and passwd='" & passwd & "'"
If I then use ' or 'a'='a as both the username and the password, the query becomes:
select admin from adminbate where user='' or 'a'='a' and passwd='' or 'a'='a'
According to the evaluation rules, there are 4 query conditions here in total, so the query result is: false or true and false or true. AND is evaluated first and then OR, so the final result is true, and you can get into the backend.
How to prevent it? To summarize, the main points are as follows:
1. Never trust the user's input. Validate it, for example with regular expressions or by limiting its length, and convert single quotes and double "-", and so on.
2. Never use dynamically assembled SQL; use parameterized SQL, or use stored procedures directly, for data queries and access.
3. Never use a database connection with administrator rights; use a separate database connection with limited rights for each application.
4. Do not store confidential information directly; encrypt or hash passwords and sensitive information.
5. The application's exception messages should give as few hints as possible; it is best to wrap the original error message in a custom error message.
6. SQL injection detection generally relies on auxiliary software or a website platform. For software, the SQL injection detection tool Jsky is generally used; for website platforms, there are the Yisi website security platform detection tool, MDCSOFT SCAN and so on. Using MDCSOFT-IPS can effectively defend against SQL injection, XSS attacks and so on.
To be tested .....
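Point 2 applied to the login query from the authentication bypass section, as an added example that is not part of the original article. It assumes Python with an in-memory SQLite database in place of the ASP backend; the function names and the sample row are constructed for illustration.

```python
import sqlite3

# The username/password input quoted in the article's bypass section.
BYPASS = "' or 'a'='a"

def make_db():
    """In-memory database with the article's adminbate table (constructed sample row).
    The password is plaintext only to mirror the article's query; point 4 says to hash it."""
    db = sqlite3.connect(":memory:")
    db.execute("create table adminbate (admin text, user text, passwd text)")
    db.execute("insert into adminbate values ('yes', 'admin', 'admin')")
    return db

def login_concatenated(db, user, passwd):
    """The 'before': SQL text is assembled from user input, as in the ASP code above."""
    sql = ("select admin from adminbate where user='" + user +
           "' and passwd='" + passwd + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, user, passwd):
    """The 'after': placeholders pass the input as data, so quotes in it never become SQL."""
    sql = "select admin from adminbate where user=? and passwd=?"
    return db.execute(sql, (user, passwd)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    for label, check in (("concatenated", login_concatenated),
                         ("parameterized", login_parameterized)):
        print(label, "admin/admin ->", check(db, "admin", "admin"))
        print(label, "bypass input ->", check(db, BYPASS, BYPASS))
```

With the concatenated query the bypass input logs in without knowing any account; with placeholders the same input is compared as an ordinary string and matches no row.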
SQL injection principle and how to avoid injection