Summary of SQL injection learning data

Reprinted from: Https://bbs.ichunqiu.com/thread-12105-1-1.html

What is SQL injection

SQL Injection Basic Introduction

Structured Query Language (structuredquery Language, abbreviation: SQL) is a special programming language for standard data query languages in databases. In October 1986, the American National Standards Institute (X3) standardized SQL as a standard language for relational database management systems (ANSI). 135-1986), with the support of the International Standards Organization (ISO) in 1987. However, in the course of practice, various database systems have made some modifications and extensions to the SQL specification. So, in fact, the SQL between different database systems cannot be completely common to each other.

SQL injection (sqlinjection) is a common web security vulnerability that could allow an attacker to access or modify data or exploit potential database vulnerabilities for attack.

Why SQL injection occurs

The attack behavior of SQL injection can be described as the attack behavior of the unexpected result when writing the program by injecting SQL syntax into user controllable parameters, destroying the original SQL structure. The cause can be attributed to the following two reasons for stacking:

1. Program writers construct SQL statements using string concatenation when dealing with application and database interactions

2. User-controllable parameters are not filtered enough to stitch the contents of the parameters into the SQL statement

SQL injection Attack mode

The attack method of SQL injection can be divided into explicit injection, error injection and blind note according to the different contents of the application processing database return:

1, can be injected: attackers can directly in the current interface content to get what they want to get
2, Error injection: The database query return results are not displayed in the page, but the application of the database error information printed to the page, so the attacker can construct the database error statement, from the error message to obtain the content
3, Blind: Database query results can not be obtained from the visual page, the attacker through the use of database logic or the database library execution delays and other methods to obtain the desired content

how to do SQL injection Attacks

SQL injection attacks are a very annoying security vulnerability and are all web developers, no matter what the platform, technology, or data layer, need to be sure they understand and prevent things. Unfortunately, developers tend not to spend a bit of time concentrating on this, even their applications, and, worse, their customers are extremely vulnerable to attack. The following trilogy from the vulnerability discovery to the identification of vulnerability, and then exploit, the last vulnerability defense four aspects of the technology to do a detailed explanation.

SQL Injection Trilogy:

1, Penetration Defense Web Chapter-sql injection Attack primary

Http://bbs.ichunqiu.com/thread-9518-1-1.html

2, penetration defense Web-sql Injection Attack Intermediate

Http://bbs.ichunqiu.com/thread-9668-1-1.html

3, Penetration Defense Web Chapter-sql Injection Attack advanced

Http://bbs.ichunqiu.com/thread-10093-1-1.html

SQL injection experience and tips

Experience is important, and success often follows many failures. To reduce the failure, read more articles accumulate skills, the following collection of forum related technical Articles, from various aspects of SQL injection.

1. SQL Learning Notes

Http://bbs.ichunqiu.com/thread-2274-1-1.html

2, everyone can learn the advanced skills of MySQL injection

Http://bbs.ichunqiu.com/thread-10359-1-1.html

3. Detailed MySQL Injection

Http://bbs.ichunqiu.com/thread-10222-1-1.html

4, Shallow talk. NET application SQL injection

Http://bbs.ichunqiu.com/thread-7636-1-1.html

5. Using DNS to get data in SQL injection

Http://bbs.ichunqiu.com/thread-10005-1-1.html

6. How to exploit SQL injection vulnerability in Web security series (two injections)

Http://bbs.ichunqiu.com/thread-9193-1-1.html

7, in-depth understanding of PHP+MYSQL injection and repair!

Http://bbs.ichunqiu.com/thread-10090-1-1.html

8. Skill integration-Alternative use of MySQL injection point

Http://bbs.ichunqiu.com/thread-9903-1-1.html

9. Talking about post injection in SQL injection

Http://bbs.ichunqiu.com/thread-7762-1-1.html

Related tutorials

Tool Tutorial Article:

1, Sqlmap injection Tutorial-11 kinds of common Sqlmap use method detailed

Http://bbs.ichunqiu.com/thread-10583-1-1.html

2. Sqlmap Tamper WAF bypasses script list comments

Http://bbs.ichunqiu.com/thread-10387-1-1.html

3, 0 Basic Combat Audit SQL Injection Vulnerability

Http://bbs.ichunqiu.com/thread-10284-1-1.html

4. Summary of passive SQL injection artifact

Http://bbs.ichunqiu.com/thread-8428-1-1.html

5. Using Burpsuit to learn to inject tool statements

Http://bbs.ichunqiu.com/thread-8319-1-1.html

Code Audit Chapter:

1. PHP Code Audit SQL injection

Http://bbs.ichunqiu.com/thread-11308-1-1.html

2, Joomla 3.XSQL Injection Vulnerability Analysis

Http://bbs.ichunqiu.com/thread-1689-1-1.html

3. Talking about the SQL injection of JSP Security development

Http://bbs.ichunqiu.com/thread-9958-1-1.html

4, the Code audit Bypass Addslashes Summary

Http://bbs.ichunqiu.com/thread-10899-1-1.html

Related Technologies and Documentation:

1. mysql Database learning

Http://bbs.ichunqiu.com/thread-11248-1-1.html

2. SQL injection Self-study guide

Http://bbs.ichunqiu.com/thread-2141-1-1.html

3, MSSQL injection of frequently used commands

Http://bbs.ichunqiu.com/thread-3221-1-1.html

Professional video Tutorial-farewell to the boring text

1. SQL Injection Vulnerability -video + experiment: Ingenious
http://www.ichunqiu.com/course/405

2. SQL injection Vulnerability audit and vulnerability mining
http://www.ichunqiu.com/course/1325

3, Popular Science class -sql(Structured Query Language) injection attack benefits

• Change the SQL (Structured Query Language) code to cover up your attacks
• Making SQL (Structured Query language) injection attacks
• Explains a SQL (Structured Query language) injection attack

http://www.ichunqiu.com/course/51849

4,SQL Injection Vulnerability detection and patching technology (there is attack and prevention is kingly)
Http://www.ichunqiu.com/course/77

SQL Injection Tool

1, Sqlmap

Sqlmap is an open-source penetration testing tool that can be used to automate detection, exploit SQL injection vulnerabilities, and gain access to the database server. It has a powerful detection engine, a feature option for penetration testing of various types of databases, including obtaining data stored in a database, accessing operating system files, and even executing operating system commands in the form of a take-out data connection.

Project Address: Https://github.com/sqlmapproject/sqlmap

2, Ssqlinjection

The Super SQL Injection tool (ssqlinjection) is an HTTP protocol-based self-package SQL injection tool that supports SQL injection anywhere in the HTTP protocol, supports various types of SQL injection, and supports HTTPS mode injection. Currently support bool type blind, error display injection, union injection, support access, MySQL5 above, SQL Server, Oracle and other databases. The use of C # development, the bottom of the socket package for HTTP interaction, greatly improve the efficiency of the contract, compared to C # HttpWebRequest speed increased 2-5 times. Support blind environment to obtain the world language data, direct seconds to kill various injection tools in the blind environment can not support the Chinese and other multibyte-encoded data.

Project Address: http://www.shack2.org/article/1417357815.html

3, Pangolin

Pangolin is a security tool that helps penetration testers perform SQL injection testing. It has a friendly graphical interface and supports testing of almost any database, and is able to achieve maximum attack testing with a very simple set of operations.

Charges, so do not put the project address.

4, Havij

Havij is an automated SQL injection tool that not only automates the mining of available SQL queries, but also identifies back-end database types, retrieves user name and password hashes for data, dumps tables and columns, extracts data from a database, and even accesses the underlying file system and executes system commands.

Charges, so do not put the project address.

5. The Mole

The mole is an open source automated SQL Injection tool that bypasses the Ips/ids (Intrusion prevention system/intrusion detection system). Simply provide a URL and a usable keyword that will detect the injection point and exploit it. The mole can use union injection technology and logical query-based injection technology. The Mole attack range includes SQL Server, MySQL, Postgres, and Oracle databases.

Project Address: nasel.com.ar

6, Sqlninja

Sqlninja is a perl-written SQL injection tool specifically for MicrosoftSQL server. Unlike other injection tools available on the market, Sqlninja does not focus on running a database, but instead focuses on getting a shell.

Project Address: http://www.northernfortress.net/
Kali self-bringing tools

7 , Bbqsql

Bbqsql is a Python-written blind tool (Blind SQL injectionframework) that can be useful when you are detecting a suspected injection vulnerability. Bbqsql is also a semi-automatic tool that allows customers to customize parameters.

Project Address: https://github.com/Neohapsis/bbqsql/

8, Jsql

Jsql is a Java-developed lightweight remote server Database Injection Vulnerability testing tool, free, open source, cross-platform (Windows, Linux, Mac OS X, Solaris).

Project Address: Https://code.google.com/p/jsql-injection/downloads/list

9, Sqlsus

Sqlsus is an open source MySQL injection and Takeover tool, Sqlsus written in Perl, based on the command line interface. Sqlsus can get the database structure, inject your own SQL statements, download files from the server, crawl Web sites writable directories, upload and control backdoors, clone databases, etc.

Project Address: http://sqlsus.sourceforge.net/download.html

10. SQL Poizon

SQL Poizon is a SQL injection scanner that uses search engines to gather Web sites with SQL injection vulnerabilities on the Internet. The tool has built-in browser and injection task tools to check the injection effect. The SQL Poizon interface is simple, even if you don't have a lot of technical skills to get started.

This is very old do not provide address, the Internet a lot.

Summary of SQL injection learning data