1, background: Recently learned webgoat to the SQL injection this lesson, to complete this lesson need to intercept HTTP requests, modify parameters, but in the modified parameters to add special characters to complete. Let's learn it together.
2. Title:
Roughly translate the topic: Bypass authentication using SQL injection. Use SQL injection to log in to the boss's account Neville instead of using the correct password. Verify that the Neville files can be browsed and that all functions are available. (These features include querying, creating, and deleting)
3, but how do I know Neville's password? ...... The topic says SQL injection. So let's get started.
The vast majority of ①password are stored in string form, so this is definitely a string injection. The injected form is typically test ' or ' 1 ' = ' 1 at this point, we meet the need to write special characters in the HTTP request parameters
② Find a random input box, enter the above content, and then send the request to the server, see the encoded parameters, test%27+or+%271%27%3d%271
4, access to information, found that the law is%+ASCII code. Now I use the summary as follows "Update at any time, welcome to add"
Special characters |
Coding |
Space |
+ |
Single quotation marks |
%27 |
Equals |
%3d |
Handling of special characters in parameters of SQL injection-http requests