This article describes SQL injection from five aspects: vulnerability principle, testing, exploitation, harm, and repair. It then introduces some SQL injection techniques.
- Vulnerability principle
Injection vulnerabilities are regulars in the OWASP Top 10, and SQL injection ranks very high among them. As background, injection-type vulnerabilities include SQL, OS, and LDAP injection.
SQL injection is a vulnerability at the application's database layer. It occurs when untrusted data is sent to the parser as part of a query statement: the attacker tricks the parser into executing unintended commands, bypassing the checks of a poorly designed application.
Case:
String query = "SELECT * FROM Accounts WHERE custid='" + request.getParameter("id") + "'";
When an attacker passes in an id parameter of ' or '1'='1
the query statement is stitched into SELECT * FROM Accounts WHERE custid='' or '1'='1';
This query is sent to the parser, and the result returned after parsing and execution is every record in the Accounts table. More dangerous attacks can tamper with data or even invoke stored procedures.
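The case above, reproduced as an added example (not code from the original article) in Python with an in-memory SQLite database, showing the concatenated query beside a parameterized one. The table contents and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory Accounts table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Accounts (custid TEXT PRIMARY KEY, owner TEXT)")
    conn.executemany(
        "INSERT INTO Accounts VALUES (?, ?)",
        [("1001", "alice"), ("1002", "bob"), ("1003", "carol")],
    )
    return conn


def lookup_concatenated(conn, custid):
    """The pattern from the case above: input is spliced into the SQL text,
    so quote characters in the input change the structure of the statement."""
    query = "SELECT * FROM Accounts WHERE custid='" + custid + "'"
    return query, conn.execute(query).fetchall()


def lookup_parameterized(conn, custid):
    """Repaired form: the SQL text is fixed and the input is bound as data,
    so the parser never sees the input as part of the statement."""
    query = "SELECT * FROM Accounts WHERE custid = ?"
    return query, conn.execute(query, (custid,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # One ordinary id, then the id value from the case above.
    for value in ("1002", "' or '1'='1"):
        for fn in (lookup_concatenated, lookup_parameterized):
            query, rows = fn(conn, value)
            print(f"{fn.__name__}({value!r})")
            print(f"  SQL:  {query}")
            print(f"  rows: {rows}")
```

With the id value from the case, the concatenated lookup returns all three rows, while the parameterized lookup compares custid against the literal string and returns none.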
- Vulnerability Testing
Manual testing: