0x00 Cause of SQL injection
Languages fall into two classes: interpreted and compiled. In an interpreted language, a runtime component reads the program's code at run time, interprets it and executes the instructions it contains. A compiled language is converted into machine instructions when the program is built, and at run time the computer executes those instructions directly.
In an interpreted language, if the program interacts with the user, the user can craft special input that gets spliced into the program text and executed, so the program carries out behaviour, possibly malicious, that is driven by that input.
For example: in a program that interacts with users, the user's input is spliced into a SQL statement, which then executes behaviour different from what was originally intended, resulting in a SQL injection vulnerability.
0x01 Injection during login
Login SQL statement: select * from admin where username = 'username entered by the user' and password = 'password entered by the user'
The content entered by the user is under the user's control; for example, the user can enter ' or 1=1 -- followed by a space.
Resulting SQL statement: select * from admin where username = '' or 1=1 -- ' and password = 'password entered by the user'
Here or 1=1 is always true, and -- comments out everything after it so that it is no longer executed, so the statement, when run, returns every row in the admin table.
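The login query above, reproduced in both its vulnerable and its corrected form. This is an added example written for this page, not code from the original; it uses an in-memory SQLite database with a constructed two-row admin table so it runs offline (the page's CMS is PHP/MySQL, but the concatenation and placeholder behaviour is the same). Passwords are stored in plain text only so the query shape matches the page; a real application stores password hashes.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the page's admin table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO admin VALUES (?, ?)",
        [("admin", "S3cret!"), ("editor", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Splices user input straight into the SQL text, as the page describes.
    Quotes, 'or 1=1' and '--' in the input become part of the statement."""
    sql = (
        "select * from admin where username = '" + username
        + "' and password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Same query with placeholders: the driver passes the input as data, so
    nothing the user types is ever parsed as SQL syntax."""
    sql = "select * from admin where username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo():
    """Runs the page's payload against both versions and counts returned rows."""
    conn = make_db()
    payload = "' or 1=1 -- "          # the page's input, trailing space included
    wrong_password = "not-the-password"
    return {
        # vulnerable: WHERE '' or 1=1 -- ... is true for every row -> whole table
        "vuln_rows": len(login_vulnerable(conn, payload, wrong_password)),
        # parameterized: looks for a user literally named "' or 1=1 -- " -> nothing
        "safe_rows": len(login_parameterized(conn, payload, wrong_password)),
        # a genuine login still works with the parameterized query
        "good_login": len(login_parameterized(conn, "admin", "S3cret!")),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable function returns both rows because the comment marker discards the password check entirely; with placeholders the same input matches no row, and the correct credentials still match exactly one.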
[Screenshot: using Burp Suite for the SQL injection]
0x02 CMS SQL injection explanation
CMS logic: the homepage index.php displays the content and lists the articles (each link carries an article id); the article detail page articles.php, requested as article.php?id=article id, reads the id from the URL and loads that article.
SQL injection verification:
1. Single quotation mark '
2. and 1=1
3. and 1=2
If MySQL reports an error on the page, this indicates that the page has a SQL injection vulnerability.
Entering ' causes an error.
Appending and 1=1 returns the page normally: the condition is true.
Appending and 1=2 returns no query results: the condition is false.
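The three verification inputs above, run against a toy version of the article lookup. This is an added example for this page, not the CMS's own code; it uses an in-memory SQLite table with two constructed articles in place of MySQL. The point it shows is the defender's side: the error / normal / empty signature only appears when the id is concatenated into the SQL text, and disappears once the id is validated as an integer and passed as a bound parameter.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the page's articles table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO articles VALUES (?, ?)",
        [(1, "First article"), (2, "Second article")],
    )
    conn.commit()
    return conn


def article_vulnerable(conn, raw_id):
    """The page's pattern: the raw URL parameter is spliced into the query."""
    sql = "select * from articles where id = " + raw_id
    return conn.execute(sql).fetchall()   # a stray quote raises a database error


def article_parameterized(conn, raw_id):
    """Hardened lookup: reject anything that is not an integer, then bind it."""
    try:
        article_id = int(raw_id)
    except ValueError:
        return None   # hypothetical: the web layer turns this into a 400 response
    sql = "select * from articles where id = ?"
    return conn.execute(sql, (article_id,)).fetchall()


def probe(handler, conn, raw_id):
    """Classify the outcome the way the page does: error, rows or empty."""
    try:
        rows = handler(conn, raw_id)
    except sqlite3.Error:
        return "error"
    if rows is None:
        return "rejected"
    return "rows" if rows else "empty"


def run_probes(handler):
    """Apply the page's three checks (plus a plain id) to one handler."""
    conn = make_db()
    inputs = ("1", "1'", "1 and 1=1", "1 and 1=2")
    return {raw: probe(handler, conn, raw) for raw in inputs}


if __name__ == "__main__":
    print("vulnerable   :", run_probes(article_vulnerable))
    print("parameterized:", run_probes(article_parameterized))
```

The vulnerable handler reproduces the page's signature exactly: the quote produces a database error, and 1=1 returns the article, and 1=2 returns nothing. The parameterized handler returns the article for a plain id and rejects all three probe inputs before they reach the database, so the behaviour no longer depends on the truth of anything the user appends.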
0x03 Sqlmap basic use
Sqlmap is a powerful tool for detecting and exploiting SQL injection vulnerabilities.
Demo: login injection
sqlmap detects the injection type and the injectable parameter, and returns the databases it can reach.
Demo: CMS injection
Query the available databases.
-D specifies the cms database; --tables lists all tables in the cms database, which yields the articles table.
With the cms database specified, query the information (column names) of all fields in the articles table.
Output the values of the three fields.