Principle
A SQL injection attack introduces specially crafted input, usually fragments of SQL syntax, as a parameter to a Web application, so that the SQL statements the application executes carry out actions of the attacker's choosing. The root cause is that the program does not carefully filter user input, so illegal data reaches the database system.
In terms of the underlying technique, SQL injection can be divided into platform-layer injection and code-layer injection. The former is caused by insecure database configuration or a vulnerability in the database platform; the latter arises mainly because the programmer did not carefully filter the input, so an illegal data query gets executed. On this basis, the causes of SQL injection usually show up in the following aspects: ① improper type handling, ② insecure database configuration, ③ unreasonable handling of the query result set, ④ improper error handling, ⑤ improper handling of escape characters, ⑥ improper handling of multiple submissions.
Attack
SQL injection attacks occur when an application builds a dynamic SQL statement from user input in order to access the database. It can also occur when the code calls stored procedures that are passed strings containing unfiltered user input. SQL injection may let an attacker use the application to log in to the database and execute commands there. The corresponding injection tests can be carried out with the testing tool Pangolin. The problem becomes serious if the application connects to the database with an over-privileged account. Forms in which user-entered content is used directly to construct dynamic SQL commands, or passed as input parameters to stored procedures, are particularly susceptible to SQL injection. Many web-site programs are written without checking the legality of user input, or handle variables improperly, which leaves a hidden security hazard in the application. A user can then submit database query code and, from the results the program returns, obtain sensitive information or even control the entire server; this is how SQL injection happens.
Protection
To summarize, the main points are as follows:
1. Never trust the user's input. Verify it with regular expressions, limit its length, convert single quotes and double dashes ("--"), and so on.
2. Never use dynamically assembled SQL; use parameterized SQL, or call stored procedures directly for data query access.
3. Never use a database connection with administrator rights, and use a separate limited database connection for each app.
4. Do not store confidential information in plaintext; encrypt or hash passwords and other sensitive information.
5. Application exception messages should give as few hints as possible; preferably wrap the original error message in a custom error message.
6. SQL injection detection is generally done with the aid of software or a website platform. Software tools generally use the SQL injection detection tool Jsky; website platforms include the billion think website security platform detection tools, Mdcsoft scan and so on. Using mdcsoft-ips can effectively protect against SQL injection, XSS attacks and so on.
A typical SQL injection attack is the back-end (administrator login) authentication bypass vulnerability, illustrated by the following code.
The authentication bypass (the ' or ' = ' or ' back-end bypass vulnerability) exploits the evaluation rules of the AND and OR operators to produce a logic error in the back-end script. Suppose the administrator's account and password are both admin, and the back-end script builds its database query like this:

    user = request("user")
    passwd = request("passwd")
    sql = "Select admin from adminbate where user='$user' and passwd='$passwd'"

If ' or 'a'='a is entered as both the username and the password, the query becomes:

    Select admin from adminbate where user='' or 'a'='a' and passwd='' or 'a'='a'

Because 'a'='a' is always true, the WHERE condition is satisfied regardless of the stored account data, and the login check passes.
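As an added example (not code from the original article), the following Python script reproduces the bypass above against a constructed in-memory SQLite table and then applies protection points 1 and 2 from the list: a parameterized query, where the same input no longer alters the statement, and an allow-list username check. The table layout, the make_db/login_* helper names and the username pattern are assumptions made for the example.

```python
import re
import sqlite3


def make_db():
    """Constructed sample database: the article's adminbate table with the admin/admin account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE adminbate (admin INTEGER, user TEXT, passwd TEXT)")
    conn.execute("INSERT INTO adminbate VALUES (1, 'admin', 'admin')")
    conn.commit()
    return conn


def login_dynamic(conn, user, passwd):
    """Vulnerable: input is spliced into the SQL text (dynamically assembled SQL).

    A quote character in the input becomes part of the SQL syntax and can rewrite
    the WHERE clause, which is exactly the bypass the article describes.
    """
    sql = "SELECT admin FROM adminbate WHERE user='%s' AND passwd='%s'" % (user, passwd)
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, user, passwd):
    """Hardened: placeholders keep the input as data (protection point 2).

    The driver binds the values separately from the statement text, so the same
    input is compared literally against the stored account and simply fails to match.
    """
    sql = "SELECT admin FROM adminbate WHERE user=? AND passwd=?"
    return conn.execute(sql, (user, passwd)).fetchone() is not None


# Assumed allow-list policy for usernames (protection point 1): letters, digits,
# underscore, at most 32 characters. Quotes and dashes are rejected before any query.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def is_valid_username(user):
    """Return True only if the username matches the allow-list pattern."""
    return USERNAME_RE.match(user) is not None


if __name__ == "__main__":
    conn = make_db()
    bypass = "' or 'a'='a"  # the article's payload, used as both username and password
    print("dynamic SQL, bypass input:       ", login_dynamic(conn, bypass, bypass))          # True
    print("parameterized, bypass input:     ", login_parameterized(conn, bypass, bypass))    # False
    print("parameterized, real credentials: ", login_parameterized(conn, "admin", "admin"))  # True
    print("username allow-list on bypass:   ", is_valid_username(bypass))                    # False
```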