Part III/page-3 Stacked injection
Background-8 Stacked Injection
Stacked injections: Stack injection. From the meaning of the noun you can see that a bunch of SQL statements (multiple lines) should be executed together. And in the real use of the same, we know in MySQL, the main command line, the end of each statement plus; Represents the end of a statement. So we can think of whether it is possible to use multiple sentences together. This is called stacked injection.
Introduction to the principle of 0x01In SQL, a semicolon (;) is used to represent the end of an SQL statement. Think of us in; After ending an SQL statement, continue to construct the next statement, will it be executed together? So the idea is to create a stack injection. and union injection (joint injection) is also the combination of two statements, what is the difference between the two? The difference is that the type of statement that the Union or union all executes is limited and can be used to execute a query statement, while a stack injection can execute arbitrary statements.
For example, the following example.
When the query is executed, the first one displays the query information, and the second one deletes the entire table.
Limitations of 0x02 Stacking injectionThe limitation of stack injection is that not every environment can be executed, may be limited by the API or the database engine is not supported, of course, insufficient permissions can also explain why the attacker could not modify the data or invoke some programs.
Ps: This image is intercepted from the original text, because my personal test environment is php+mysql, can be executed, there is doubt about mysql/php. But the individual estimates the original author may have different reasons for my version.
Although we mentioned earlier that a stack query can execute arbitrary SQL statements, this injection is not perfect. In our web system, because the code usually returns only one query result, the second statement of the stack injection produces an error or the result can only be ignored, and we cannot see the return result on the front-end interface.
Therefore, when reading data, we recommend the use of Union (Union) injection. We also need to know some database related information such as table name, column name and so on before using stack injection.
0X03 Individual Database Instance IntroductionIn this section, we describe the usage of several types of databases from a common database perspective. The basic operation of the database, adding and removing check and change. The basic operations for database-related stack injection are listed below.
MySQL Database
(1) Create a new table select * from the Users where Id=1;create table test like users;
?
Successful execution, let's see if we can create a new success table.
?
Load File select * from Users where Id=1;select load_file (' c:/tmpupbbn.php ');
?
VALUES (' + ', ' new ', ' new ');
?
?
?
SQL Server Database
(3) query data Select 1,2,3;select * from test;
Select * from Test where id=1; EXEC Master. xp_cmdshell ' ipconfig '
?
Oracle Database
As we have mentioned in the above introduction, Oracle cannot use stack injection and can see that when there are two statements on the same line, an error is made directly. Invalid character. The back will not go down to try.
?
PostgreSQL database
You can see that the User_data table has been built.
?
?
MySQL injected into the heavenly stacked injection
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
