SQL injection

sql Inject ： Appears where the input interacts with the database ; It usually exists on the login page 、 Find pages or add pages where users can find or modify data .
SQL Injection methods can be roughly divided into two categories ： Character and number
sql Injection judgment ： Construct where you can type sql sentence
Enter single quotes - The quotation mark of the error report is wrong - Digital injection
Enter single quotes - Report errors 1（id Value ） And single quotes - Character injection
and： Both are true
or： An establishment is an establishment
test
1、 First, judge whether there is an injection point ,
Judgment method ：
（1） You can enter single quotation marks ’ To test , If the page returns an error , There is Sql Inject
（2）id=1 and 1=1（ The page is running normally ）、id=1 and 1=2（ Page running error ）（ Digital ） Return to different interfaces , There is sql Inject
（3）id=1 'and ‘1’='1、id=1 'and ‘1’='2（ Character ） Return to different interfaces , There is sql Inject

Judge according to the display bit sql Injection type ：
（1） Joint injection query ： There must be a display bit on the page
（2） Blind annotation based on Boolean ： That is, the injection of true or false conditions can be judged according to the returned page ; The page only returns True and False Two types of pages
（3） Based on error reporting injection ： That is, the page will return an error message , Or return the result of the injected statement directly to the page ;
（4） Time based delay Injection ： That is, no information can be judged based on the content returned from the page , Use conditional statement to check whether time delay statement is executed （ That is, whether the page return time increases ） To judge ;
for example ：’ and if(ascii(substr(database(),1,1))=115,1,sleep(5))–+