Injection technology-Digital injection

Source: Internet
Author: User

"Experimental Purpose"

1) Understanding the principles of SQL injection

2) Learn the SQL injection process



"Experimental principle"

SQL injection, by inserting a SQL command into a Web form to submit or entering a query string for a domain name or page request, eventually achieves a malicious SQL command that deceives the server. Specifically, it is the ability to inject (malicious) SQL commands into the background database engine execution using existing applications, which can be obtained by entering (malicious) SQL statements in a Web form to a database on a Web site that has a security vulnerability, rather than executing the SQL statement as the designer intended. For example, many of the previous film and television sites leaked VIP membership password is mostly through the Web form to submit query characters, such forms are particularly vulnerable to SQL injection attacks.



"Experimental Steps"

I. Determine the type of website program

1.1 Enter the target site address in the attacker's IE address bar to enter the target site.

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/77/C2/wKiom1ZtoPegaRvLAAFaRNS90S0293.png "style=" float: none; "title=" 111.png "alt=" Wkiom1ztopegarvlaafarns90s0293.png "/>


1.2 Click the connection in the target site, the suffix of the Popup interface is: ASP? id=45, this site type is ASP.


Second, find the injection point

2.1 In an ASP? Add single quotes "'" At the end of the id=45 to make a simple judgment.

2.2 Add a single quote after the link to get the server error feedback, you can determine that the site has an injection vulnerability


650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/77/C2/wKiom1ZtoPfiXUsuAABPWbPJcm0223.png "style=" float: none; "title=" 222.png "alt=" Wkiom1ztopfixusuaabpwbpjcm0223.png "/>


Third, the use of the Ming Boy tool for detection scan

3.1 Bright Boy tool in the Toolbox, start the file as Domain.exe. Start interface

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/77/C1/wKioL1ZtoP6SLtdSAAD1oKVYHhI511.png "style=" float: none; "title=" 333.png "alt=" Wkiol1ztop6sltdsaad1okvyhhi511.png "/>




3.2 Copy the connection with the injection point to the bright Boy, in the SQL injection guess under tab




3.3 Click "Start Detection" to pop up the message, so you can conclude that SQL injection



3.4 Click "Guess the table name", "Guess the list name", check the column name, click "Guess the Content", you can get the appropriate sensitive information, management user name: admin; Password: admin



650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/77/C2/wKiom1ZtoPvCQr4EAAEkDOy9Ez8168.png "style=" float: none; "title=" 444.png "alt=" Wkiom1ztopvcqr4eaaekdoy9ez8168.png "/>



3.5 The injected password is encrypted and we encrypt it.

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/77/C1/wKioL1ZtoZmzw7pZAABTgtjbY08445.png "title=" 55.png "alt=" Wkiol1ztozmzw7pzaabtgtjby08445.png "/>

Iv. looking for management background

4.1 Select "Manage Background" tab, click "Scan background Address" to get the background address




650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/77/C2/wKiom1ZtoPzx8P7eAAC-G-5Pp_I581.png "style=" float: none; "title=" 555.png "alt=" Wkiom1ztopzx8p7eaac-g-5pp_i581.png "/>


4.2 Right click on the background address, click "Open Link", you can enter the background management interface



4.3 Enter admin user and password to enter management background

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/77/C1/wKioL1ZtobjCu3dfAAAly-fVF4Y867.png "style=" float: none; "title=" 666.png "alt=" Wkiol1ztobjcu3dfaaaly-fvf4y867.png "/>

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/77/C1/wKioL1ZtobnxFerGAADGwVPU45I837.png "style=" float: none; "title=" 777.png "alt=" Wkiol1ztobnxfergaadgwvpu45i837.png "/>







This article from "Hong Seven Public" blog, reproduced please contact the author!

Injection technology-Digital injection

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.