Reprinted from: https://bbs.ichunqiu.com/thread-12105-1-1.html
What is SQL injection
SQL Injection Basic Introduction
Structured Query Language (abbreviation: SQL) is a special-purpose programming language that serves as the standard data query language for databases. In October 1986, the American National Standards Institute standardized SQL as the standard language for relational database management systems (ANSI X3.135-1986), and in 1987 it received the support of the International Standards Organization (ISO). In practice, however, the various database systems have modified and extended the SQL specification, so SQL is not fully interchangeable between different database systems.
SQL injection is a common web security vulnerability that can allow an attacker to access or modify data, or to exploit potential vulnerabilities in the database for further attacks.
Why SQL injection occurs
A SQL injection attack injects SQL syntax into user-controllable parameters, breaking the original structure of the SQL statement and producing results the programmer did not expect. It is caused by the combination of the following two factors:
1. Programmers construct SQL statements by string concatenation when handling the interaction between the application and the database
2. User-controllable parameters are not filtered sufficiently before their contents are concatenated into the SQL statement
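The two causes above, shown side by side as an added example (not code from the original post): the same lookup built by string concatenation and with a bound parameter, run with Python's `sqlite3` on a constructed in-memory table. The table, function names and sample inputs are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table with three users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("carol", "c-secret")],
    )
    return db

def lookup_concatenated(db, name):
    # Causes 1 and 2 together: the parameter is spliced into the SQL text
    # unfiltered, so a quote in `name` becomes part of the statement structure.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    # The statement text is fixed; `name` is bound as a value and never parsed as SQL.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def compare(name):
    """Return (concatenated result or error text, parameterized result)."""
    db = make_db()
    try:
        concatenated = lookup_concatenated(db, name)
    except sqlite3.Error as exc:
        # A broken statement surfaces as a database error; printing such errors
        # to the page is what makes error-based injection possible.
        concatenated = "error: %s" % exc
    return concatenated, lookup_parameterized(db, name)

if __name__ == "__main__":
    # Constructed inputs: a normal name, a quote that rewrites the WHERE
    # clause, and a legitimate name that merely contains a quote.
    for sample in ["alice", "x' OR '1'='1", "o'brien"]:
        print(repr(sample), compare(sample))
```

With the concatenated query the second input returns every row and the third raises a syntax error; with the bound parameter both are treated as names that match nothing.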
SQL injection attack modes
Depending on what the application does with the content returned by the database, SQL injection attacks can be divided into explicit injection, error injection and blind injection:
1. Explicit injection: the attacker can obtain the desired content directly from the content of the current page
2. Error injection: the results of the database query are not displayed on the page, but the application prints the database error messages to the page, so the attacker can construct statements that make the database raise an error and obtain the content from the error message
3. Blind injection: the results of the database query cannot be obtained from the visible page, so the attacker uses database logic, execution delays in the database, and similar methods to obtain the desired content
How to do SQL injection attacks
SQL injection is a very troublesome security vulnerability, and one that every web developer, whatever the platform, technology, or data layer, needs to understand and prevent. Unfortunately, developers tend not to spend much time on it, leaving their applications and, worse, their customers extremely vulnerable to attack. The following trilogy explains the technique in detail from four angles: vulnerability discovery, vulnerability identification, exploitation, and finally defense.
SQL Injection Trilogy:
1. Penetration Defense Web Chapter - SQL Injection Attack Primary
2. Penetration Defense Web Chapter - SQL Injection Attack Intermediate
3. Penetration Defense Web Chapter - SQL Injection Attack Advanced
SQL injection experience and tips
Experience is important, and success often follows many failures. To reduce failures, read more articles and build up your skills. The following is a collection of related technical articles from the forum, covering SQL injection from various angles.
1. SQL Learning Notes
2. Everyone can learn the advanced skills of MySQL injection
3. Detailed MySQL Injection
4. A brief discussion of SQL injection in .NET applications
5. Using DNS to get data in SQL injection
6. How to exploit SQL injection vulnerability in Web security series (two injections)
7. In-depth understanding of PHP+MySQL injection and repair!
8. Skill integration - Alternative use of MySQL injection point
9. Talking about POST injection in SQL injection
Tool Tutorial Article:
1. Sqlmap injection tutorial - 11 common ways of using Sqlmap in detail
2. Sqlmap tamper WAF bypass script list, annotated
3. Zero-basics hands-on auditing of SQL injection vulnerabilities
4. Summary of passive SQL injection tools
5. Using Burp Suite to learn the statements used by injection tools
Code Audit Chapter:
1. PHP Code Audit SQL injection
2. Joomla 3.X SQL Injection Vulnerability Analysis
3. Talking about the SQL injection of JSP Security development
4. Code audit: summary of addslashes bypasses
Related Technologies and Documentation:
1. MySQL Database learning
2. SQL injection Self-study guide
3. Frequently used commands for MSSQL injection
Professional video tutorials - farewell to boring text
1. SQL Injection Vulnerability - video + experiment: Ingenious
2. SQL injection Vulnerability audit and vulnerability mining
3. Popular Science class - SQL (Structured Query Language) injection attack benefits
- Change the SQL (Structured Query Language) code to cover up your attacks
- Making SQL (Structured Query language) injection attacks
- Explains a SQL (Structured Query language) injection attack
4. SQL Injection Vulnerability detection and patching technology (knowing both attack and defense is the way to go)
SQL Injection Tools
1. Sqlmap
Sqlmap is an open-source penetration testing tool that automates detecting and exploiting SQL injection vulnerabilities and gaining access to the database server. It has a powerful detection engine and features for penetration testing many types of databases, including fetching data stored in a database, accessing operating system files, and even executing operating system commands via out-of-band connections.
Project Address: https://github.com/sqlmapproject/sqlmap
2. Super SQL Injection Tool
The Super SQL Injection tool (ssqlinjection) is an SQL injection tool based on the HTTP protocol that builds its own packets. It supports SQL injection at any position in the HTTP protocol, supports various types of SQL injection, and supports injection over HTTPS. It currently supports boolean-based blind injection, error-display injection and union injection, against Access, MySQL 5 and above, SQL Server, Oracle and other databases. It is developed in C#, and its HTTP interaction is built on raw sockets, which greatly improves packet-sending efficiency: it is 2-5 times faster than C# HttpWebRequest. It supports retrieving data in any language in a blind-injection environment, where various other injection tools cannot handle Chinese and other multibyte-encoded data.
Project Address: http://www.shack2.org/article/1417357815.html
3. Pangolin
Pangolin is a security tool that helps penetration testers perform SQL injection testing. It has a friendly graphical interface, supports testing of almost any database, and achieves the maximum attack-testing effect with a very simple set of operations.
This is a paid tool, so no project address is given.
4. Havij
Havij is an automated SQL injection tool that not only automates the mining of available SQL queries, but also identifies back-end database types, retrieves user names and password hashes, dumps tables and columns, extracts data from a database, and even accesses the underlying file system and executes system commands.
This is a paid tool, so no project address is given.
5. The Mole
The Mole is an open source automated SQL injection tool that bypasses IPS/IDS (intrusion prevention system/intrusion detection system). Given only a URL and a usable keyword, it detects the injection point and exploits it. The Mole can use union injection and injection based on logical queries. Its attack range includes SQL Server, MySQL, Postgres, and Oracle databases.
Project Address: nasel.com.ar
6. Sqlninja
Sqlninja is a SQL injection tool written in Perl, specifically for Microsoft SQL Server. Unlike other injection tools available on the market, Sqlninja does not focus on dumping the database, but instead focuses on getting a shell.
Project Address: http://www.northernfortress.net/
Tools bundled with Kali
7. Bbqsql
Bbqsql is a blind SQL injection framework written in Python that can be useful when you are testing a suspected injection vulnerability. Bbqsql is also a semi-automatic tool that allows users to customize parameters.
Project Address: https://github.com/Neohapsis/bbqsql/
8. Jsql
Jsql is a lightweight tool, developed in Java, for testing database injection vulnerabilities on remote servers. It is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).
Project Address: https://code.google.com/p/jsql-injection/downloads/list
9. Sqlsus
Sqlsus is an open source MySQL injection and takeover tool, written in Perl and based on a command-line interface. Sqlsus can retrieve the database structure, inject your own SQL statements, download files from the server, crawl the web site for writable directories, upload and control backdoors, clone databases, etc.
Project Address: http://sqlsus.sourceforge.net/download.html
10. SQL Poizon
SQL Poizon is a SQL injection scanner that uses search engines to gather web sites with SQL injection vulnerabilities on the Internet. The tool has a built-in browser and injection task tools to check the effect of an injection. The SQL Poizon interface is simple, so you can get started even without a lot of technical skill.
This tool is very old, so no address is provided; it is easy to find on the Internet.
Summary of SQL injection learning data