当前位置:网站首页>You can see the classification of SQL injection. SQL injection point /sql injection type /sql injection has several /sql injection point classifications
You can see the classification of SQL injection. SQL injection point /sql injection type /sql injection has several /sql injection point classifications
2022-06-25 06:26:00 【Scholar's day 3 WYX】
「 Author URI 」: Three days wyx
「 Author's brief introduction 」:CSDN top200、 Alibaba cloud blog expert 、 Huawei cloud sharing expert 、 High quality creators in the field of network security
SQL Injection classification
According to the input 「 Parameters 」 type , Can be SQL Injections fall into two broad categories : 「 Numerical type 」 Inject 、 「 Character 」 Inject
One 、 Numerical injection
The parameters entered in the foreground page are 「 Numbers 」.
For example, the following is based on ID Query the user's function .![[ Failed to transfer the external chain picture , The origin station may have anti-theft chain mechanism , It is suggested to save the pictures and upload them directly (img-xw240yvV-1645149522105)(E:\data\TyporaPages\image-20220212164303912.png)]](/img/af/d3f518293cb99a1a9ea501d673309f.jpg)
Background corresponding SQL as follows , The field type is numeric , This is numerical injection .
select * from user where id = 1;
Two 、 Character injection
The parameters entered in the foreground page are 「 character string 」.
For example, the following login function , The user name and password entered are strings .![[ Failed to transfer the external chain picture , The origin station may have anti-theft chain mechanism , It is suggested to save the pictures and upload them directly (img-FF5m4MCS-1645149253353)(E:\data\TyporaPages\image-20220212164911231.png)]](/img/c0/58b197d53506db1c7d64361803a7ab.jpg)
Background corresponding SQL as follows , Field type is character type , This is character injection .
select * from user
where username = 'zhangsan' and password = '123abc';
Characters can be wrapped in single quotes , You can also use double quotation marks to wrap , According to the package string 「 quotes 」 Different , Character injection can be divided into :「 Single quote character 」 Injection and 「 Double quotation mark character type 」 Inject .
1) Single quote character Injection
Parameters use 「 Single quotation marks 」 When wrapping , It is called single quote character injection , Like this one down here SQL, Single quotation mark character injection .
select * from user where username = 'zhangsan';
2) Double quote character Injection
Parameters use 「 Double quotes 」 When wrapping , It is called double quotation mark character injection , Like this one down here SQL, Double quotation mark character injection .
select * from user where username = "zhangsan";
3) Parenthesized injection
In theory , There are only two injection types: numeric and character .
SQL The grammar of , Support the use of one or more 「 Brackets 」 Package parameters , There are some variations of these two basic injection types .
a. Numerical type + Injection of parentheses
Wrap numeric parameters in parentheses , Like the following SQL.
select * from user where id = (1);
select * from user where id = ((1));
Wrap multiple parentheses ……
b. Single quote string + Injection of parentheses
Use parentheses and single quotation marks to wrap the parameters , Like the following SQL.
select * from user where username = ('zhangsan');
select * from user where username = (('zhangsan'));
Wrap multiple parentheses ……
c. Double quote string + Injection of parentheses
Wrap the arguments in parentheses and double quotes , Like the following SQL
select * from user where username = ("zhangsan");
select * from user where username = (("zhangsan"));
Wrap multiple parentheses ……
3、 ... and 、 Other types
In addition to the classification according to parameters , There are other classifications .
According to the data 「 submission 」 classification :
- GET Inject : Use get Request to submit data , such as xxx.php?id=1.
- POST Inject : Use post Request to submit data , Like forms .
- Cookie Inject : Use Cookie Submit data in a field of , For example Cookie Save user information in .
- HTTP Header Inject : Submit data using request headers , For example, testing HTTP Source address in 、 host IP etc. .
According to the page 「 Echo 」 classification :
- Explicit note : The front page can echo user information , such as Joint injection 、 An error injection .
- Blind note : The front page cannot echo user information , such as Bull's blind note 、 Time blind note .
Thank you for your praise 、 Collection 、 Comment on , I'm three days 、 I wish you happiness .
边栏推荐
- Noi Mathematics: Dirichlet convolution
- Investment opportunities and operational risk assessment report of China's engineering consulting industry during the 14th Five Year Plan period 2022-2028
- Understand what MSS is
- Observation configuring wmic
- ctfshow-misc
- With a younger brother OCR, say no to various types of verification codes!
- Why can't GC () free memory- Why does gc() not free memory?
- JD 7 head search navigation layout
- What happens when redis runs out of memory
- Research Report on brand strategic management and marketing trends in the global and Chinese preserved fruit market 2022
猜你喜欢
With a younger brother OCR, say no to various types of verification codes!
Viewing Chinese science and technology from the Winter Olympics (V): the Internet of things
C simple operation mongodb
RT thread i/o device model and layering
Laravel8 fill data
Tablespace free space
![[short time energy] short time energy of speech signal based on MATLAB [including Matlab source code 1719]](/img/a1/0cb61368cb1d0817d74781084a4466.jpg)
[short time energy] short time energy of speech signal based on MATLAB [including Matlab source code 1719]
@Detailed explanation of valid annotation usage
![[hand torn STL] Stack & queue](/img/db/d05c52f8e3fb0aade51460e86cf623.jpg)
[hand torn STL] Stack & queue
3-7sql injection website instance step 3: attack type and attack strategy
随机推荐
Copying DNA
Day21 performance test process
Analysis report on global and Chinese pharmaceutical excipients industry competition and marketing model 2022-2028
Lesson 9: workspace introduction
Handling skills of SQL optimization (2)
How to open an account online? Is it safe to open an account online?
With a younger brother OCR, say no to various types of verification codes!
An interview question record about where in MySQL
An easy problem
After five years of software testing in ByteDance, I was dismissed in December to remind my brother of paddling
@Principle of preauthorize permission control
How do I turn off word wrap in iterm2- How to turn off word wrap in iTerm2?
Find command – find and search for files
Pre knowledge of asynchronous operation
Which of the top ten securities companies has the lowest Commission and is the most safe and reliable? Do you know anything
Netstat command – displays network status
PHP and WMI – explore windows with PHP
Methods for obtaining some information of equipment
Go language library management restful API development practice
[short time average zero crossing rate] short time average zero crossing rate of speech signal based on MATLAB [including Matlab source code 1721]