SQL Injection (HTTP header Introduction)

Source: Internet
Author: User
Tags: mysql injection

HTTP header details (reposted from the Internet)
1. Accept: Tells the web server which media types the client accepts. */* means any type, type/* means all subtypes of that type, and type/sub-type means one specific type.

2. Accept-Charset: The browser states which character sets it accepts.

Accept-Encoding: The browser states which content encodings it accepts, usually the compression methods: whether compression is supported and which methods are supported (gzip, deflate).

Accept-Language: The browser states which languages it accepts. Language and character set are different things: Chinese is a language, and it has several character sets, such as Big5, GB2312 and GBK.

3. Accept-Ranges: The web server indicates whether it accepts requests for part of an entity (such as part of a file). bytes: accepted; none: not accepted.

4. Age: When a proxy server answers a request with an entity from its own cache, this header indicates how much time has passed since the entity was generated.

5. Authorization: After the client receives a WWW-Authenticate response from the web server, it uses this header to send its authentication information to the web server.

6. Cache-Control:
Request:
  no-cache (do not use a cached entity; fetch it from the web server now)
  max-age: (accept only objects whose Age value is less than the max-age value and that have not expired)
  max-stale: (expired objects are acceptable, but the time past expiry must be less than the max-stale value)
  min-fresh: (accept cached objects whose freshness lifetime is greater than the sum of their current Age and the min-fresh value)
Response:
  public (cached content may be used to respond to any user)
  private (cached content may be used only to respond to the user who previously requested it)
  no-cache (may be cached, but returned to a client only after the web server has verified that it is still valid)
  max-age: (the expiration time of the object contained in this response)
Request or response:
  no-store (caching not allowed)

7. Connection:
Request:
  close (tells the web server or proxy server to close the connection after responding to this request, without waiting for further requests on it)
  Keep-Alive (tells the web server or proxy server to keep the connection open after responding to this request and wait for further requests on it)
Response:
  close (the connection has been closed)
  Keep-Alive (the connection is kept open, waiting for further requests on it)

Keep-Alive: If the browser asks to keep the connection open, this header indicates how long (in seconds) it wants the web server to keep it open. Example: Keep-Alive: 300

8. Content-Encoding: The web server indicates which compression method (gzip, deflate) was used to compress the object in the response. Example: Content-Encoding: gzip

9. Content-Language: The web server tells the browser the language of the object in the response.

10. Content-Length: The web server tells the browser the length of the object in the response. Example: Content-Length: 26012

11. Content-Range: The web server indicates which part of the whole object this response contains. Example: Content-Range: bytes 21010-47021/47022

12. Content-Type: The web server tells the browser the type of the object in the response. Example: Content-Type: application/xml

13. ETag: A tag value for an object (such as a URL). For a given object, such as an HTML file, the ETag changes whenever the object is modified, so the ETag plays a role similar to Last-Modified: it mainly lets the web server determine whether an object has changed. For example, when an HTML file was requested earlier, its ETag was obtained; when the file is requested again, the browser sends the previously obtained ETag value to the web server, the web server compares it with the file's current ETag, and so knows whether the file has changed.

14. Expires: The web server indicates when the entity will expire. An expired object can be used to answer client requests only after its validity has been verified with the web server. It is an HTTP/1.0 header. Example: Expires: Sat, 10:02:12 GMT

15. Host: The client specifies the domain name or IP address and the port number of the web server it wants to access. Example: Host: rss.sina.com.cn

16. If-Match: If the object's ETag has not changed, which means the object has not changed, the requested action is performed.

17. If-None-Match: If the object's ETag has changed, which means the object has changed, the requested action is performed.

18. If-Modified-Since: If the requested object has been modified after the time given in this header, the requested action (such as returning the object) is performed; otherwise status code 304 is returned, telling the browser that the object has not been modified. Example: If-Modified-Since: Thu, Apr 09:14:42 GMT

19. If-Unmodified-Since: If the requested object has not been modified after the time given in this header, the requested action (such as returning the object) is performed.

20. If-Range: The browser tells the web server that if the requested object has not changed, it wants only the part it is missing, and if the object has changed, it wants the whole object. The browser lets the web server judge whether the object has changed by sending the ETag of the requested object or the last modification time it knows. Always used together with the Range header.

21. Last-Modified: The last modification time of the object as the web server sees it, such as the last modification time of a file or the last generation time of a dynamic page. Example: Last-Modified: Tue, May 02:42:43 GMT

22. Location: The web server tells the browser that the object it is trying to access has moved and should be fetched from the location given in this header. Example: Location: http://i0.sinaimg.cn/dy/deco/2008/0528/sinahome_0803_ws_005_text_0.gif

23. Pragma: Mainly used as Pragma: no-cache, which is equivalent to Cache-Control: no-cache. Example: Pragma: no-cache

24. Proxy-Authenticate: The proxy server responds to the browser and requires it to provide proxy authentication information. Proxy-Authorization: The browser answers the proxy server's authentication request and provides its own identity information.

25. Range: The browser (or a client such as the FlashGet multi-threaded downloader) tells the web server which part of the object it wants. Example: Range: bytes=1173546-

26. Referer: The browser tells the web server which page/URL the URL in the current request was obtained or clicked from. Example: Referer: http://www.sina.com/

27. Server: The web server indicates what software it is and which version. Example: Server: Apache/2.0.61 (Unix)

28. User-Agent: The browser indicates its identity (which browser it is). Example: User-Agent: Mozilla/5.0 (Windows; U Windows NT 5.1; zh-CN; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.4

29. Transfer-Encoding: The web server indicates how the response message body (not the object inside the message body) is encoded, for example whether it is chunked. Example: Transfer-Encoding: chunked

30. Vary: The web server uses this header to tell the cache server under which conditions the object returned in this response may be used to answer later requests. For example, if the origin web server's response to the first request carries the headers Content-Encoding: gzip and Vary: Content-Encoding, the cache server parses the headers of each later request and checks whether its Accept-Encoding is consistent with the Vary header value of the earlier response, that is, whether the same content encoding is used. This prevents the cache server from answering a browser that cannot decompress with a compressed entity from its own cache. Example: Vary: Accept-Encoding
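The cache check described in item 30, as an added example that is not code from the original page: the cache remembers the values of the request headers named in Vary and reuses a stored response only when a later request carries the same values. The class and method names are hypothetical, and value comparison is simplified to case and whitespace normalization.

```python
def _lower_keys(headers):
    """Header names are case-insensitive, so index them in lower case."""
    return {k.lower(): v for k, v in headers.items()}


def _norm(value):
    """Simplified normalization: ignore case and all whitespace."""
    return "".join(value.lower().split())


class VaryCache:
    """Toy cache whose secondary key is built from the headers listed in Vary."""

    def __init__(self):
        # url -> list of (vary header names, request values, stored response)
        self._entries = {}

    def _selected(self, names, request_headers):
        req = _lower_keys(request_headers)
        return tuple(_norm(req.get(n, "")) for n in names)

    def store(self, url, request_headers, response_headers, body):
        vary = _lower_keys(response_headers).get("vary", "")
        if vary.strip() == "*":
            return False  # Vary: * means the response must not be reused
        names = tuple(n.strip().lower() for n in vary.split(",") if n.strip())
        key = self._selected(names, request_headers)
        self._entries.setdefault(url, []).append(
            (names, key, (response_headers, body)))
        return True

    def lookup(self, url, request_headers):
        for names, key, response in self._entries.get(url, []):
            # Reuse only if every header named in Vary has the same value
            # as in the request that produced the stored response.
            if self._selected(names, request_headers) == key:
                return response
        return None  # miss: the request must go to the origin server
```

A request without Accept-Encoding misses the gzip entry, so the compressed body is never handed to a client that did not ask for it.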
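Why this header list matters for SQL injection, as an added example that is not part of the original page: request headers such as Host, User-Agent and Referer (items 15, 26 and 28) are set by the client, so an application that records them must bind them as parameters instead of building SQL text from them. The request, table and function names are constructed, and SQLite stands in for MySQL so the block runs offline.

```python
import sqlite3

# Constructed sample request; the User-Agent value contains a single quote.
RAW_REQUEST = (
    "GET /index.php HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (O'Brien build)\r\n"
    "Referer: http://www.example.com/start\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return the request headers as a dict with lower-cased names."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (host TEXT, user_agent TEXT, referer TEXT)")
    return db

def log_visit_concat(db, h):
    # Weak form: header text becomes part of the SQL statement itself.
    sql = "INSERT INTO visits VALUES ('%s', '%s', '%s')" % (
        h.get("host", ""), h.get("user-agent", ""), h.get("referer", ""))
    db.execute(sql)

def log_visit_bound(db, h):
    # Corrected form: placeholders keep header text as data, never as SQL.
    db.execute("INSERT INTO visits VALUES (?, ?, ?)",
               (h.get("host", ""), h.get("user-agent", ""), h.get("referer", "")))

def demo():
    h = parse_headers(RAW_REQUEST)
    db = open_db()
    try:
        log_visit_concat(db, h)
        concat_ok = True
    except sqlite3.Error:
        concat_ok = False  # the quote changed the structure of the statement
    log_visit_bound(db, h)
    return concat_ok, db.execute("SELECT user_agent FROM visits").fetchall()
```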
