Youji Technology website SQL Injection Vulnerability

Source: Internet
Author: User

Although SQL injection is not as common as it used to be, it still exists on some small and medium-sized websites. For example, a URL of the website



The simplest way to detect a SQL injection vulnerability is to add a single quotation mark (') after the parameter 332 and observe how the program responds. If an error is returned, a SQL injection vulnerability may exist. Website response



The backend error is printed directly. This error indicates that the backend database may be Microsoft Access. To verify further, you can change 332 to 330 + 2; however, 330 + 2 must be URL-encoded, that is, 330%2b2. If the returned page is the same, the vulnerability exists. If you want to detect the database name, table names, field names, and data manually, you can try constructing the various SQL statements yourself.
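The two checks described above (the single quote and the 330%2b2 substitution), seen from the application side next to the fix. This is an added example, not code from the original article or the affected site: the `id` parameter name, the `articles` table, and the sample rows are assumptions, and SQLite stands in for the Access backend.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    """Constructed sample data; SQLite stands in for the Access backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(330, "About us"), (332, "News item")])
    return db

def id_from_query(query_string):
    """Decode the hypothetical 'id' parameter as a web framework would."""
    return parse_qs(query_string)["id"][0]

def lookup_vulnerable(db, raw_id):
    """Pastes the parameter into the SQL text, so the database parses it as SQL."""
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return "DB ERROR: %s" % exc  # backend error echoed to the client
    return row[0] if row else "not found"

def lookup_hardened(db, raw_id):
    """Accepts only ASCII digits and binds the value as data, never as SQL."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return "bad request"  # generic message, no database detail
    row = db.execute("SELECT title FROM articles WHERE id = ?",
                     (int(raw_id),)).fetchone()
    return row[0] if row else "not found"

def compare(db, query_strings=("id=332", "id=330%2b2", "id=332'")):
    """Run each constructed request through both handlers."""
    results = {}
    for qs in query_strings:
        raw = id_from_query(qs)
        results[qs] = (lookup_vulnerable(db, raw), lookup_hardened(db, raw))
    return results

if __name__ == "__main__":
    for qs, (weak, strong) in compare(make_db()).items():
        print("%-12s vulnerable=%r hardened=%r" % (qs, weak, strong))
```

In the vulnerable handler, 330%2b2 returns the same row as 332 because the database evaluates the arithmetic, and the quote produces a leaked parser error; the hardened handler answers both with the same generic rejection. An unencoded `+` decodes to a space, which is why the article encodes it as %2b.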

Here I use the sqlmap tool. sqlmap is written in Python; because Python is an interpreted language, the tool can be used across platforms. It is installed by default on Linux, taking BackTrack 5 as an example. First, test for the database name, as follows:



The results show that the SQL injection vulnerability exists. The backend database is Access, but no database name is detected. Then test for the table names directly, as follows:




The database name is detected and two table names are listed. You can use sqlmap to check the column names and download data. For sqlmap usage, see BackTrack Command Parsing (information gathering).
