关于SQL注入的几类错误和产生-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

关于SQL注入的几类错误和产生

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 04:17 PM

about injection mistake

对于注入而言，错误提示是极其重要。所谓错误提示是指和正确页面不同的结果反馈，高手是很重视这个一点的，这对于注入点的精准判断至关重要。本问讨论下关于几类错误和他产生的原理，希望对读者有所帮助。错误提示主要有逻辑错误和语法错误以及脚本运行错误

　　对于注入而言，错误提示是极其重要。所谓错误提示是指和正确页面不同的结果反馈，高手是很重视这个一点的，这对于注入点的精准判断至关重要。本问讨论下关于几类错误和他产生的原理，希望对读者有所帮助。

错误提示主要有逻辑错误和语法错误以及脚本运行错误三类。

一：逻辑错误

简单的例子是1=1 1=2这两个，1=1与1=2页面不同的原理是什么？以$sql = “select * from news where id=$_GET［id］”为例。

select * from news where id=1 and 1=2产生的结果集为NULL，然后程序取值得时候，就会去出空值，无法显示。当然有的程序发现SQL执行结果集为空，就立即跳转，效果就不显鸟。值得注意的是，有的如Oracle Postgresql的数据库在结果集为空情况下会再页面上表现字符型null字样，这算是个特点。如果使用or条件，比如
3lian素材
select * from news where id=1 or 1=1

和and 1=2得结果正好相反，他的结果集十分庞大。如果SQL语句如此，再加上程序是循环读取结果集（一些编程上的陋习）那么会取出所有结果，结果可能运行很慢，在数据量巨大的oracle上容易出现。这个例子会出现什么呢，一般程序取出结果集中的第一条结果，那么很可能已经不是id=1的那条新闻了，这就是由些小菜奇怪有时候or 1=1页面会发生变化的原因。

归根到底，都是结果集不同造成的，灵活掌握是关键，这并非单纯的经验问题。

二：语法错误

语法错误时比较熟悉的，比如对于SQL Server，PgSQL，Sybase的注入错误提示都很重要，因为利用它的特性来获取信息很快速。语法错误造成的结果可能是SQL错误而中断脚本执行，但是脚本或服务器设置屏蔽错误的情况下，程序得到继续执行，但是结果集不存在，连NULL都算不上，反馈给攻击者的很可能就是结果集为空的情况，其实这是脚本的处理结果。当然Oracle PgSQL表现null。

三：运行错误不用说了，典型的就是利用mysql注入benchmark让脚本运行超时得到物理路径，，以及利用超时来获得不同的表征进行盲注入。

四：逻辑错误和语法错误的结合。

当表征极不明显的时候，利用类似iff这样的函数进行正确与否的区分有时候会成救命稻草。因为语法错误和逻辑错误的表征大多数情况都会有不同。

iff（1=1，1，‘no’）这个会产生结果1 注意是数字，而iff（1=2，1，‘no’）这个会产生‘no’ 是字符。那么

id=1 and 1=iff（1=1，1‘no’）正确是必然成立的，而id=1 and 1=iff（1=2，1，‘no’）会因为类型不同发生语法错误。不过可惜的是似乎支持iff函数的数据库不多，呵呵。

现在讲结果集在注入中的利用原理。

一：从‘or’‘=’开始

这是学习SQL注入的初级课程，登陆漏洞。我简略从SQL结果集上分析。

$sql = “select top 1 * from admin where username=‘$username’ and password=md5（‘$password’）”;

显而易见，‘or’‘=’的加入使SQL语句返回了一条记录，这才使验证通过。

二：再看现在的验证中的SQL

$sql = “select top 1 * from admin where username=‘$username’”;

结果集不为空才根据抽取的记录集中的密码值与用户提交的密码MD5值进行比对来进行验证。这样，你突然发现‘or’‘=’的计策失败鸟，但是后台明明有注入，这就是验证方法造成的。跟进这个验证过程，‘or’‘=’的确产生了一个结果集（admin表中的第一行记录）但是遗憾的事，后来的密码比对没法通过，验证无法成功。

思路很简单，网上有案例，我重在原理，利用union来产生想要的结果集。比如‘and（1=2）union select top 1 username，’123456得md5值‘，id from admin where username=’admin

这样产生了admin的记录信息，但是记录集中的密码那个位置的值被替换成了123456的md5值，这样，使用admin 123456通过验证并且继承他的权利。

更有甚者全部用‘xxx’的方法来盲狙，这就很“过分”鸟。不过在sql2000 sybase这些严格要求类型匹配的数据库来说，这样不能撼动“管理员登陆”的，因为执行时发生了语法错误，结果集为NULL。另外以前 ewebeditor注入漏洞来上传马也是这个union操作结果集来达到目的的经典案例。

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055523 fails to install in Windows 11?

3 weeks ago By DDD

How to fix KB5055518 fails to install in Windows 10?

3 weeks ago By DDD

Roblox: Grow A Garden - Complete Mutation Guide

2 weeks ago By DDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Java Tutorial

1663

CakePHP Tutorial

1419

Laravel Tutorial

1313

PHP Tutorial

1263

C# Tutorial

1237

Related knowledge

Unable to complete operation (Error 0x0000771) Printer error Mar 16, 2024 pm 03:50 PM

If you encounter an error message when using your printer, such as the operation could not be completed (error 0x00000771), it may be because the printer has been disconnected. In this case, you can solve the problem through the following methods. In this article, we will discuss how to fix this issue on Windows 11/10 PC. The entire error message says: The operation could not be completed (error 0x0000771). The specified printer has been deleted. Fix 0x00000771 Printer Error on Windows PC To fix Printer Error the operation could not be completed (Error 0x0000771), the specified printer has been deleted on Windows 11/10 PC, follow this solution: Restart Print Spool

Windows Sandbox startup failed - Access Denied Feb 19, 2024 pm 01:00 PM

Does Windows Sandbox terminate with Windows Sandbox Unable to Start, Error 0x80070005, Access Denied message? Some users reported that Windows Sandbox cannot be opened. If you also encounter this error, you can follow this guide to fix it. Windows Sandbox failed to start - Access Denied If Windows Sandbox terminates with Windows Sandbox Unable to Start, Error 0x80070005, Access Denied message, make sure you are logged in as an administrator. This type of error is usually caused by insufficient permissions. So try logging in as an administrator and see if that resolves the issue. If the problem persists, you can try the following solutions: Run the Wi-Fi as administrator

Revealing the causes of HTTP status code 460 Feb 19, 2024 pm 08:30 PM

Decrypting HTTP status code 460: Why does this error occur? Introduction: In daily network use, we often encounter various error prompts, including HTTP status codes. These status codes are a mechanism defined by the HTTP protocol to indicate the processing of a request. Among these status codes, there is a relatively rare error code, namely 460. This article will delve into this error code and explain why this error occurs. Definition of HTTP status code 460: First, we need to understand the basics of HTTP status code

Solution to Windows Update prompt Error 0x8024401c error Jun 08, 2024 pm 12:18 PM

Table of Contents Solution 1 Solution 21. Delete the temporary files of Windows update 2. Repair damaged system files 3. View and modify registry entries 4. Turn off the network card IPv6 5. Run the WindowsUpdateTroubleshooter tool to repair 6. Turn off the firewall and other related anti-virus software. 7. Close the WidowsUpdate service. Solution 3 Solution 4 "0x8024401c" error occurs during Windows update on Huawei computers Symptom Problem Cause Solution Still not solved? Recently, the web server needs to be updated due to system vulnerabilities. After logging in to the server, the update prompts error code 0x8024401c. Solution 1

How to solve computer broadband connection error code 651 Dec 24, 2023 am 11:19 AM

When many friends turn on the computer to connect to the broadband, the computer prompts error 651. What is the situation? The occurrence of 651 is caused by the failure of the connection between the user's terminal computer and the China Netcom central office equipment. It may be an external disconnection or a problem with the equipment. , we can contact the operator to solve it, or check the device. Let’s take a look at the specific tutorial. Detailed tutorial method to solve computer broadband connection 651 error 1: Network card driver failure 1. First consider the network card driver problem. This problem is relatively common. Right-click the desktop computer - Manage, as shown in the figure below 2. Select "Device Management" on the computer properties page device" to enter. 3. On the Device Manager page, find "Network Adapter". There are usually two network cards, one wired and one wireless. Click Wired.

Solve the errors encountered when installing autocad in win11 Dec 30, 2023 pm 03:23 PM

AutoCAD is one of the most commonly used drawing design software, but when we want to use it on win11, we may encounter an error when installing autocad on win11. At this time, we can try to modify the registry to solve it. An error occurred when installing autocad in win11: First step, press "win logo + r" on the keyboard to open the run. In the second step, enter "regedit" and press Enter to open the registry. 3. Paste "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" into the path above. 4. After entering, double-click

The server encountered an error, 0x80070003, while creating a new virtual machine. Feb 19, 2024 pm 02:30 PM

If you encounter error code 0x80070003 when using Hyper-V to create or start a virtual machine, it may be caused by permission issues, file corruption, or configuration errors. Solutions include checking file permissions, repairing damaged files, ensuring correct configuration, and more. This problem can be solved by ruling out the different possibilities one by one. The entire error message looks like this: The server encountered an error while creating [virtual machine name]. Unable to create new virtual machine. Unable to access configuration store: The system cannot find the path specified. (0x80070003). Some possible causes of this error include: The virtual machine file is corrupted. This can happen due to malware, virus or adware attacks. Although the likelihood of this happening is low, you can't completely

Troubleshooting Tomcat 404 Errors: Quick and Practical Tips Dec 28, 2023 am 08:05 AM

Practical Tips to Quickly Solve Tomcat404 Errors Tomcat is a commonly used JavaWeb application server and is often used when developing and deploying JavaWeb applications. However, sometimes we may encounter a 404 error from Tomcat, which means that Tomcat cannot find the requested resource. This error can be caused by multiple factors, but in this article, we will cover some common solutions and tips to help you resolve Tomcat 404 errors quickly. Check URL path

See all articles