SQL注入学习日记1——SQL基础知识
0x00 前言
SQL注入,听起来就高级,疫情那会儿就想搞了,结果搞半天搞不明白,这次工作室选拔赛的SQL注入题目一个没做,面试还被面试官问了^^,很丢人,所以准备从现在开始正儿八经学SQL注入。
SQL注入是一种高危漏洞,这个我都耳熟能详了,究竟高危在哪,原理是啥,一切问题都将在日后一一解答。
0x01 What is SQL?What can it do?
I found MySQL's official website, and the reference manual. "MySQL,the most popular Open Source SQL database management system".
So we should know SQL is a database, and it's relational database. So what is relational database? Relational database store data in separate tables.
It stores the data in different structures like databases,tables,rows or columns, then users make a special rule for his database. The databases enforce the rules.
So after this, the databases will be consistent and seldom missing data(if the rules are proper).
Clients can connect to MySQL Server using several protocols:
1:Clients can connect using TCP/IP sockets on any platform.
2:On Windows systems, clients can connect using named pipes if the server is started with the named_pipe system variable enabled. Windows servers also support shared-memory connections if started with the shared_memory system variable enabled. Clients can connect through shared memory by using the --protocol=memory option.
3:On Unix systems, clients can connect using Unix domain socket files.
0x02 before create a database
So when we want to create or make a database, we should connect to server first.
use command to connect to server:
mysql -h host -u user -p
then enter the password.
If succeed, it would be display like this:
shell> mysql -h host -u user -p
Enter password: ********
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 25338 to server version: 8.0.24-standard
`Type 'help;' or '\h' for help. Type '\c' to clear the buffer.`
mysql>
then after connected to server, entering queries to get information that you want.
then we can create new database!
0x03 creating a database
Use SHOW DATABASE can show current database in the server.
Then create a new database.
CREATE DATABASE Ph4nt0mPa1N;
Then make this database become the current database.
USE Ph4nt0mPa1N
Then today you create a new database!
0x04 I am fucking tired I want to sleep
so this is what we have learned in 11/16/2020.
