
SQL injection vulnerability (principle)

2022-06-23 14:57:00 errorr0

SQL injection was the first vulnerability I met when I got into security. What can I say about it: in the early days of study I just memorized the payloads, and knowing how to enumerate the database, the table, the columns and the fields was enough to solve the practice problems. That is unavoidable; it is where a beginner with zero background starts. Going from memorizing to understanding, slowly revisiting the earlier problems and auditing source code, felt quite different: from only knowing how to attack at the beginning, I gradually learned to audit and to analyze.

Of course, before this my study of database attacks had stayed within MySQL, so over this period I want to break out of MySQL into other relational databases such as PostgreSQL, Oracle and MSSQL, and move on to non-relational databases such as MongoDB.

What is SQL injection

SQL injection means that a web application does not check or filter the validity of user-supplied data, so an attacker can append extra SQL statements to the end of a query statement predefined in the web application and, without the administrator's knowledge, perform illegal operations, thereby tricking the database server into executing arbitrary unauthorized queries and obtaining the corresponding data.
(Baidu Encyclopedia)

In short: in a SQL query, the parameters the user controls are manipulated so that the database is deceived into running something other than the intended statement.

Causes of SQL injection

I think the main cause is that, during development, developers do not pay attention to writing standard SQL statements and strictly filtering special characters, so the client can submit SQL through the global variables POST and GET, or even through other request headers, and have it execute normally. Simply put, the allow-list and block-list work is not done carefully, and that leads to injection.

Of course this is only one aspect. The database version and configuration (truncation), overly verbose error output (error-based injection), allowing multiple SQL statements in one submission (stacked queries), and so on can all lead to injection.

Principle of SQL injection

String concatenation

At the injection point we can end the previous SQL query with a symbol and then start a new query statement after it.

Clever closure

The original query statement should be:

select * from users where id='1';

But because the 1 in id='1' is a controllable variable, a less well-behaved person may enter something else, such as 1' or 1=1#  (the # is the comment marker; everything after it is commented out, which achieves the closing effect).

Besides closing with a comment, there is another kind of closure that uses another parameter. Take the example above:

select * from users where id='1';

Here the parameter 1 is changed to 1' or '1'='1 ; run that in the terminal and the effect is clear.

This kind of closure is generally used when the parameter sits in the middle of the statement, that is, there is still useful data after it, so the purpose cannot be achieved with a comment.

Whatever the closing method, the principle of injection has only one purpose: adding a malicious statement of our own on top of the original one, causing the database to leak information or to create a backdoor.
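As an added example (not code from the original post), here is the closure described above run against a small SQLite database in Python. The table, its rows and the function names are assumptions made for this example; because SQLite's line comment is `--` rather than MySQL's `#`, the comment-closure payload is written with `-- ` here. The concatenated version returns every row for either payload, while the parameterized version treats the same text as a literal id and returns nothing.

```python
import sqlite3


def make_demo_db():
    # Constructed sample table standing in for the post's "users" table;
    # the column names and rows are assumptions made for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id TEXT, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("1", "alice", "s1"),
        ("2", "bob", "s2"),
        ("3", "carol", "s3"),
    ])
    conn.commit()
    return conn


def build_vulnerable_sql(user_id):
    # String splicing: whatever the user typed becomes part of the SQL text,
    # so a quote in the value closes the literal and the rest is parsed as SQL.
    return "select * from users where id='" + user_id + "'"


def lookup_vulnerable(conn, user_id):
    """Returns (the SQL actually sent to the database, the rows it returned)."""
    sql = build_vulnerable_sql(user_id)
    return sql, conn.execute(sql).fetchall()


def lookup_parameterized(conn, user_id):
    # Prepared statement: the SQL text is fixed and the value is sent
    # separately as data, so quotes in it never reach the parser as syntax.
    return conn.execute("select * from users where id=?", (user_id,)).fetchall()


if __name__ == "__main__":
    conn = make_demo_db()
    # "1' or 1=1-- " is the SQLite spelling of the post's "1' or 1=1#".
    for value in ["1", "1' or '1'='1", "1' or 1=1-- "]:
        sql, rows = lookup_vulnerable(conn, value)
        print(f"concatenated:  {sql!r} -> {len(rows)} row(s)")
        safe_rows = lookup_parameterized(conn, value)
        print(f"parameterized: value {value!r} -> {len(safe_rows)} row(s)")
```

The point to take from the output is not the payloads but where the boundary lies: with concatenation the database never sees an "id" at all, only a longer statement, whereas with a placeholder the statement is parsed once and the value can only ever be compared against the column.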

Hazards of SQL injection

I mentioned two above, information disclosure and backdoor creation. Here I systematically summarize the damage a successful SQL injection can do on the server side.

Information leakage: the users' private information stored in the database is disclosed, such as website login accounts and passwords, and even real names and ID card numbers.

Web trojan injection (挂马) and malware spreading: the values of some fields in the database are modified to embed a link to a web trojan, turning the site into a drive-by malware attack.

The database is maliciously manipulated: the database server is attacked and the database's system administrator account is tampered with.

The server is remotely controlled and a backdoor is installed: through the operating-system support provided by the database server, hackers can modify or control the operating system.

Of course these are only the hazards I currently know of and believe exist; there are also hazards I don't know about and hazards not yet known at all.

How to prevent SQL injection

Since SQL injection is so dangerous, how can we effectively reduce the harm? Of course it can only be prevented and reduced, not completely blocked or avoided; security really is everywhere, and security researchers really are very clever.

Defence still has to go back to the attacker's point of view: just block the paths they take.

Filter dangerous values in incoming parameters, and filter again after analyzing the incoming value, that is, filter twice.

Check the syntax and lexical form of the incoming string to determine whether it contains an injection.

At the code level, the best way to prevent SQL injection attacks is SQL precompilation, i.e. prepared statements (the most widely used method).

Specify the maximum length of data that can be entered; this prevents SQL injection to some extent.

Restrict the database's operation permissions (prevent users from modifying the database).

Limit the number of statements the database may execute in one call (prevent stacked injection).

Store data in encrypted form, so that even once an attacker gets into the database, privacy is protected a second time.

There are still many more prevention methods; the above is a rough list. My knowledge is limited, so take it for reference only.
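The layers listed above, as an added example in Python with SQLite (not the post's own code): an input length limit plus allowlist, a prepared statement, a read-only connection standing in for restricted database permissions, refusal of stacked statements, and salted hashing of stored passwords. The table, the length limit and all function names are assumptions made for this example; SQLite has no user accounts, so `PRAGMA query_only` is used here in place of granting the application account SELECT only on a real server.

```python
import hashlib
import os
import sqlite3

MAX_ID_LENGTH = 10  # assumed limit for this example


def validate_id(raw):
    """Layer 1: length limit plus an allowlist (digits only) before the
    value gets anywhere near SQL. Returns the value as an int."""
    if len(raw) > MAX_ID_LENGTH:
        raise ValueError("id too long")
    if not raw.isdigit():
        raise ValueError("id must be numeric")
    return int(raw)


def input_is_rejected(raw):
    """True when validate_id() refuses the value."""
    try:
        validate_id(raw)
    except ValueError:
        return True
    return False


def lookup_user(conn, raw_id):
    """Layer 2: prepared statement; the driver sends the value as data."""
    user_id = validate_id(raw_id)
    return conn.execute(
        "select id, name from users where id=?", (user_id,)
    ).fetchall()


def hash_password(password, salt=None):
    """Layer 5: store a salted one-way hash, never the plaintext password,
    so a dumped table still does not hand over the credentials."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + ":" + digest.hex()


def verify_password(stored, password):
    salt_hex, _ = stored.split(":", 1)
    return hash_password(password, bytes.fromhex(salt_hex)) == stored


def make_hardened_db():
    # Constructed sample data; table layout and rows are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", hash_password("correct horse")),
        (2, "bob", hash_password("hunter2")),
    ])
    conn.commit()
    # Layer 3: least privilege. SQLite has no accounts, so the query_only
    # pragma stands in for "GRANT SELECT only" on a real database server.
    conn.execute("PRAGMA query_only = ON")
    return conn


def write_is_rejected(conn):
    """Layer 3 check: any write on the read-only connection must fail."""
    try:
        conn.execute("update users set name='x' where id=1")
    except sqlite3.OperationalError:
        return True
    return False


def stacked_is_rejected(conn):
    """Layer 4: one statement per call. sqlite3's execute() refuses a
    second statement outright, which is what neutralises stacked queries."""
    try:
        conn.execute("select 1; select 2")
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        return True
    return False


if __name__ == "__main__":
    conn = make_hardened_db()
    print("valid id      ->", lookup_user(conn, "1"))
    print("quoted input  -> rejected:", input_is_rejected("1' or '1'='1"))
    print("too long      -> rejected:", input_is_rejected("1" * 11))
    print("write blocked ->", write_is_rejected(conn))
    print("stack blocked ->", stacked_is_rejected(conn))
    print("password ok   ->", verify_password(hash_password("hunter2"), "hunter2"))
```

Each layer is independent on purpose: the prepared statement alone already stops the closure, but the validation cuts off malformed input before it costs a database round trip, the read-only connection bounds the damage if some other code path concatenates a query, and the hash limits what a leaked table is worth.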


Copyright notice
This article was written by [errorr0]. Please include the original link when reposting. Thanks.
https://yzsam.com/2022/174/202206231418316062.html