With the development of B / S mode application development, programmers who use this model to write applications have become more and more. However, due to the high entry threshold in this industry, the level and experience of programmers are uneven. A considerable part of the programmer does not judge the legality of the user input data when writing code, so that the application has security hazards. Users can submit a database query code, obtain certain data he wants, based on the result returned by the program, which is the so-called SQL INJECTION, that is, SQL injection.
SQL injection is accessed from normal WWW port, and the surface looks with the general web page access, there is no difference in web page access, so the current market firewall will not issue an alert to SQL injection. If the administrator does not view the habit of IIS logs, it may be invaded Will not find out for a long time. However, the technique of SQL injection is quite flexible, and there will be many unexpected situations when injected. Can you analyze according to the specific situation, construct a smart SQL statement, so that the desired data is successfully obtained, it is the fundamental difference between the master and the "rookie". According to national conditions, domestic websites use ASP Access or SQLServer to account for more than 70%, PHP MySQ accounts for L20%, and there are less than 10% of others. In this article, we will introduce the approach, advanced to advanced explanation of ASP injection methods and techniques, and PHP injected article written by another friend of the NB Alliance Zwell, I hope to use the security workers and programmers. For friends who know the ASP injection, please do not skip the entry, because some people have misunderstandings about the basic judgment methods of the injected. Are you ready? Let's Go ... Into the door If you haven't tried SQL injection before, then the first step will first put the IE menu => tool => Internet option => Advanced => Show friendly HTTP error message before the hook. Otherwise, no matter what the server returns, IE is only displayed as an HTTP 500 server error, and more prompt information cannot be obtained. In the first quarter, SQL injection principle begins with a website www.19cn.com (Note: This article has been approved by this station long agreed, most of them are real data). On the homepage of the website, there are "IE can't open a new window" link, the address is: http://www.19cn.com/showdetail.asp? Id = 49, we add this address after this address Single quotes ', the server will return the following error message: Microsoft Jet Database Engine Error' Syntax Error of '80040e14' Strings In Query Expressions 'ID = 49' ''. /SHOWDETAIL.ASP, line 8 From this error prompt we can see the following: 1. The website is used by the Access database, connects the database via the JET engine, not through ODBC. 2. The program does not determine whether the data submitted by the client meets the program requirements. 3. This SQL statement is inquired with a field of ID. From the above example we can know that the principle of SQL injection is to submit a special code from the client, resulting in the collection of procedures and servers, giving the information you want to get.
In the second section, it is said that some people will feel that there are some people who can do it: I am not very simple to test, this is not very simple? In fact, this is not the best way, why? First, it is not necessarily that the IIS of each server is returned to the client. If the program is added to the client, if the program is added, SQL injection is not successful, but the server will also report an error, the specific prompt information is Error on the server when processing the URL. Please contact the system administrator. Second, some of the programmers who have a little understanding of SQL injection is considered to be safe, this situation is not a small number, if you use single quotes test, it is not an injection point. (Source: 9cbs )
