pentesting11.html

<!DOCTYPE html>
<html lang="cn">
<head>
        <meta charset="utf-8" />
        <title>渗透测试工具简介11 SQL 注入</title>
        <link rel="stylesheet" href="/theme/css/main.css" />
</head>

<body id="index" class="home">
        <header id="banner" class="body">
                <h1><a href="/">python自动化测试人工智能 </a></h1>
                <nav><ul>
                    <li><a href="/category/ba-zi.html">八字</a></li>
                    <li><a href="/category/ce-shi.html">测试</a></li>
                    <li><a href="/category/ce-shi-kuang-jia.html">测试框架</a></li>
                    <li><a href="/category/common.html">common</a></li>
                    <li><a href="/category/da-shu-ju.html">大数据</a></li>
                    <li><a href="/category/feng-shui.html">风水</a></li>
                    <li><a href="/category/ji-qi-xue-xi.html">机器学习</a></li>
                    <li><a href="/category/jie-meng.html">解梦</a></li>
                    <li><a href="/category/linux.html">linux</a></li>
                    <li class="active"><a href="/category/python.html">python</a></li>
                    <li><a href="/category/shu-ji.html">书籍</a></li>
                    <li><a href="/category/shu-ju-fen-xi.html">数据分析</a></li>
                    <li><a href="/category/zhong-cao-yao.html">中草药</a></li>
                    <li><a href="/category/zhong-yi.html">中医</a></li>
                </ul></nav>
        </header><!-- /#banner -->
<section id="content" class="body">
  <article>
    <header>
      <h1 class="entry-title">
        <a href="/pentesting11.html" rel="bookmark"
           title="Permalink to 渗透测试工具简介11 SQL 注入">渗透测试工具简介11 SQL 注入</a></h1>
    </header>

    <div class="entry-content">
<footer class="post-info">
        <abbr class="published" title="2018-11-12T08:25:00+08:00">
                Published: 一 12 十一月 2018
        </abbr>

        <address class="vcard author">
                By                         <a class="url fn" href="/author/andrew.html">andrew</a>
        </address>
<p>In <a href="/category/python.html">python</a>.</p>

</footer><!-- /.post-info -->      <ul>
<li><a href="https://china-testing.github.io/pentesting.html">本书目录</a></li>
</ul>
<h1 id="11-sql">渗透测试工具简介11 SQL注入</h1>
<p>SQL是结构化查询语言的首字母缩写。它用于检索和操作数据库中的数据。</p>
<h3 id="sql">什么是SQL注入？</h3>
<p>SQL注入使动态SQL语句注释掉语句的某些部分或附加始终为真的条件来执行恶意SQL代码。</p>
<p>可以使用SQL注入执行的攻击类型和数据库引擎相关。攻击适用于动态SQL语句。动态语句是在运行时使用来自Web表单或URI查询字符串的参数password生成的语句。</p>
<p>某HTML表单的代码如下。</p>
<div class="highlight"><pre><span></span><span class="p">&lt;</span><span class="nt">form</span> <span class="na">action</span><span class="o">=</span><span class="s">‘index.php’</span> <span class="na">method</span><span class="o">=</span><span class="s">&quot;post&quot;</span><span class="p">&gt;</span>

<span class="p">&lt;</span><span class="nt">input</span> <span class="na">type</span><span class="o">=</span><span class="s">&quot;email&quot;</span> <span class="na">name</span><span class="o">=</span><span class="s">&quot;email&quot;</span> <span class="na">required</span><span class="o">=</span><span class="s">&quot;required&quot;</span><span class="p">/&gt;</span>

<span class="p">&lt;</span><span class="nt">input</span> <span class="na">type</span><span class="o">=</span><span class="s">&quot;password&quot;</span> <span class="na">name</span><span class="o">=</span><span class="s">&quot;password&quot;</span><span class="p">/&gt;</span>

<span class="p">&lt;</span><span class="nt">input</span> <span class="na">type</span><span class="o">=</span><span class="s">&quot;checkbox&quot;</span> <span class="na">name</span><span class="o">=</span><span class="s">&quot;remember_me&quot;</span> <span class="na">value</span><span class="o">=</span><span class="s">&quot;Remember me&quot;</span><span class="p">/&gt;</span>

<span class="p">&lt;</span><span class="nt">input</span> <span class="na">type</span><span class="o">=</span><span class="s">&quot;submit&quot;</span> <span class="na">value</span><span class="o">=</span><span class="s">&quot;Submit&quot;</span><span class="p">/&gt;</span>

<span class="p">&lt;/</span><span class="nt">form</span><span class="p">&gt;</span>
</pre></div>


<p>上面的表单接受电子邮件地址和密码，将它们提交给名为index.php的PHP文件。
它可以选择将登录会话存储在cookie中。 我们从remember_me复选框中推断出这一点。 它使用post方法提交数据。 这意味着值不会显示在URL中。</p>
<p>后台用于检查用户ID的语句如下所示</p>
<div class="highlight"><pre><span></span><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">users</span> <span class="k">WHERE</span> <span class="n">email</span> <span class="o">=</span> <span class="err">$</span><span class="n">_POST</span><span class="p">[</span><span class="s1">&#39;email&#39;</span><span class="p">]</span> <span class="k">AND</span> <span class="n">password</span> <span class="o">=</span> <span class="n">md5</span><span class="p">(</span><span class="err">$</span><span class="n">_POST</span><span class="p">[</span><span class="s1">&#39;password&#39;</span><span class="p">]);</span>
<span class="o">#</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">users</span> <span class="k">WHERE</span> <span class="n">email</span> <span class="o">=</span> <span class="s1">&#39;[xxx@xxx.xxx](mailto:xxx@xxx.xxx)&#39;</span> <span class="k">OR</span> <span class="mi">1</span> <span class="o">=</span> <span class="mi">1</span> <span class="k">LIMIT</span> <span class="mi">1</span> <span class="c1">-- &#39; ] AND password = md5(&#39;1234&#39;); # SQL注入</span>
</pre></div>


<p>上面的语句直接使用$_POST[] 数组的值而不检验。密码使用MD5算法加密。为此用第2句可以直接进行SQL注入。</p>
<h3 id="sql_1">SQL登陆注入实战</h3>
<p>演示网址不能承受太大压力，需要的请加钉钉pytesting索取。</p>
<p><img alt="图片.png" src="https://upload-images.jianshu.io/upload_images/12713060-3dbedb5bcadc182c.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"></p>
<p><img alt="图片.png" src="https://upload-images.jianshu.io/upload_images/12713060-48c6f496a157b040.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"></p>
<p>步骤：</p>
<ul>
<li>email: 输入 <a href="mailto:xxx@xxx.xxx">xxx@xxx.xxx</a></li>
<li>密码输入： Enter xxx') OR 1 = 1 -- ]</li>
<li>提交</li>
</ul>
<p><img alt="图片.png" src="https://upload-images.jianshu.io/upload_images/12713060-94a95e157892b57c.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240"></p>
<h3 id="sql_2">其他SQL注入</h3>
<ul>
<li>删除数据</li>
<li>更新数据</li>
<li>插入数据</li>
<li>在服务器上执行可以下载和安装特洛伊木马等恶意程序的命令</li>
<li>将有价值的数据（如信用卡详细信息，电子邮件和密码）导出到攻击者的远程服务器</li>
<li>获取用户登录详细信息等</li>
</ul>
<h3 id="_1">参考资料</h3>
<ul>
<li>讨论qq群144081101 591302926 567351477 </li>
<li><a href="https://china-testing.github.io/pentesting11.html">本文最新版本地址</a></li>
<li><a href="https://github.com/china-testing/python-api-tesing">本文涉及的python测试开发库</a> 谢谢点赞！</li>
<li><a href="https://china-testing.github.io/testing_books.html">安全测试书籍下载</a> </li>
<li><a href="https://github.com/china-testing/python-api-tesing/blob/master/books.md">本文相关海量书籍下载</a></li>
</ul>
<h3 id="sql_3">SQL注入的自动化工具</h3>
<ul>
<li>SQLMap - http://sqlmap.org/ https://github.com/sqlmapproject/sqlmap</li>
<li>SQLSmack - http://www.securiteam.com/tools/5GP081P75C.html 针对MSSQL，且很久没有更新，用处不大。</li>
<li>SQLPing 2 - http://www.sqlsecurity.com/downloads/</li>
<li>Havij https://www.darknet.org.uk/2010/09/havij-advanced-automated-sql-injection-tool/</li>
</ul>
<h3 id="sql_4">如何防止SQL注入攻击</h3>
<p>组织可以采用以下策略来保护自己免受SQL注入攻击。</p>
<ul>
<li>在动态SQL语句中使用之前必须始终对其进行清理。</li>
<li>存储过程 - 这些可以封装SQL语句并将所有输入视为参数。</li>
<li>参数化</li>
<li>正则表达式 - 检测潜在的有害代码并在执行SQL语句之前将其删除。</li>
<li>数据库连接用户访问权限</li>
<li>错误消息不要显示SQL。</li>
</ul>
<h3 id="_2">参考资料</h3>
<ul>
<li>讨论  qq群144081101 567351477</li>
<li><a href="https://china-testing.github.io/pentesting11.html">本文最新版本地址</a></li>
<li><a href="https://github.com/china-testing/python-api-tesing">本文涉及的python测试开发库</a> 谢谢点赞！</li>
<li><a href="https://github.com/china-testing/python-api-tesing/blob/master/books.md">本文相关海量书籍下载</a> </li>
<li>道家技术-手相手诊看相中医等钉钉群21734177 qq群：391441566 184175668 338228106 看手相、面相、舌相、抽签、体质识别。服务费50元每人次起。请联系钉钉或者微信pythontesting</li>
<li><a href="https://china-testing.github.io/testing_training.html">接口自动化性能测试线上培训大纲</a></li>
<li><a href="https://www.fullstackpython.com/monitoring.html">Monitoring</a></li>
</ul>
    </div><!-- /.entry-content -->

  </article>
</section>
        <section id="extras" class="body">
                <div class="blogroll">
                        <h2>links</h2>
                        <ul>
                            <li><a href="https://china-testing.github.io/testing_training.html">自动化性能接口测试线上及深圳培训与项目实战 qq群：144081101 591302926</a></li>
                            <li><a href="http://blog.sciencenet.cn/blog-2604609-1112306.html">pandas数据分析scrapy爬虫 521070358 Py人工智能pandas-opencv 6089740</a></li>
                            <li><a href="http://blog.sciencenet.cn/blog-2604609-1112306.html">中医解梦看相八字算命qq群 391441566 csdn书籍下载-python爬虫 437355848</a></li>
                        </ul>
                </div><!-- /.blogroll -->
        </section><!-- /#extras -->

        <footer id="contentinfo" class="body">
                <address id="about" class="vcard body">
                Proudly powered by <a href="http://getpelican.com/">Pelican</a>, which takes great advantage of <a href="http://python.org">Python</a>.
                </address><!-- /#about -->

                <p>The theme is by <a href="http://coding.smashingmagazine.com/2009/08/04/designing-a-html-5-layout-from-scratch/">Smashing Magazine</a>, thanks!</p>
        </footer><!-- /#contentinfo -->

</body>
</html>