"Experimental Purpose"
1) Understand the principles of SQL injection
2) Learn the SQL injection process
"Experimental Principle"
SQL injection means inserting SQL commands into a Web form submission, or into the query string of a domain name or page request, so that the server is ultimately tricked into executing malicious SQL commands. Specifically, it uses an existing application to inject (malicious) SQL commands into the back-end database engine for execution: by entering (malicious) SQL statements in a Web form, an attacker can obtain the database of a Web site that has a security vulnerability, instead of the SQL statements being executed as the designer intended. For example, many of the earlier leaks of VIP member passwords from film and television sites were mostly carried out by submitting query characters through a Web form; such forms are particularly vulnerable to SQL injection attacks.
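An added example, not part of the original post: a Python/sqlite3 sketch of the principle above, using a numeric id parameter like the id=45 that appears in the steps below. The table, the sample row and all function names are constructed for illustration. It shows why a trailing single quote yields a database error when the parameter is concatenated into the SQL text, and how a type check plus a bound parameter removes that behaviour.

```python
import sqlite3

def make_db():
    """Constructed sample data: one article row with id 45."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (45, 'sample article')")
    return db

def vulnerable_lookup(db, raw_id):
    """'Before' form: the request parameter becomes part of the SQL text."""
    sql = "SELECT title FROM articles WHERE id=" + raw_id
    try:
        return "ok", db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # The parser error reaches the client; this is the feedback in step 2.2.
        return "db_error", str(exc)

def hardened_lookup(db, raw_id):
    """'After' form: type check, then bind the value as a parameter."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return "rejected", []          # generic response, no database detail
    rows = db.execute("SELECT title FROM articles WHERE id=?",
                      (int(raw_id),)).fetchall()
    return "ok", rows

def compare(inputs):
    """Run both handlers over the same inputs and collect their statuses."""
    db = make_db()
    return {raw: (vulnerable_lookup(db, raw)[0], hardened_lookup(db, raw)[0])
            for raw in inputs}

if __name__ == "__main__":
    for raw, statuses in compare(["45", "45'", "abc"]).items():
        print(repr(raw), statuses)
```

In the hardened handler the input never reaches the SQL parser as text, so malformed values produce the same generic rejection instead of a database error.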
"Experimental Steps"
I. Determine the type of website program
1.1 Enter the target site's address in the IE address bar on the attacker machine to open the target site.
1.2 Click a link on the target site. The URL of the page that opens ends in asp?id=45, so this site type is ASP.
II. Find the injection point
2.1 Append a single quote (') to the end of asp?id=45 to make a simple judgment.
2.2 After the single quote is added to the link, the server returns an error, from which you can determine that the site has an injection vulnerability.
III. Use the Ming Boy tool for a detection scan
3.1 The Ming Boy tool is in the toolbox; its startup file is Domain.exe.
3.2 Copy the link that contains the injection point into Ming Boy, under the "SQL injection guess" tab.
3.3 Click "Start Detection". A message pops up, from which you can conclude that SQL injection exists.
3.4 Click "Guess the table name" and "Guess the list name", check the column names, then click "Guess the Content" to get the corresponding sensitive information. Management user name: admin; Password: admin
3.5 The password obtained through injection is encrypted, so we decrypt it.
IV. Find the management background
4.1 Select the "Manage Background" tab and click "Scan background Address" to get the background address.
4.2 Right-click the background address and click "Open Link" to reach the background management interface.
4.3 Enter the admin user name and password to log in to the management background.
This article is from the "Hong Seven Public" blog; please contact the author before reproducing it!
Injection technology-Digital injection