
SQL Injection Part 1 -- Principles and basics

Introduction

Recently I started to learn SQL injection, which is the first topic ethical hackers should learn after the Computer Science basics such as computer networking. I personally think it is a bit difficult for newbies to get started with SQL injection, and I don't dare to start when it comes to CTF questions, so here I will briefly go over the points that newbies need to pay attention to.

Text

Principles

When a web application passes SQL statements to the backend database to perform database operations, and the parameters entered by the user are not strictly filtered, an attacker can construct a special SQL statement that is passed directly to the database engine for execution, and thereby read or modify the data in the database.

Therefore, the essence of the SQL injection vulnerability is to execute the data entered by the user as code.

There are two key conditions for SQL injection: the user can control the input content, and the web application passes that input into the database to be executed.
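To make the "data executed as code" point concrete, here is an added example that is not part of the original post: it uses Python with an in-memory SQLite database as a stand-in for the MySQL backend, and the table, rows and function names are constructed for the demonstration. The first login function splices the input into the SQL text (both conditions above are met), the second passes it as a bound parameter so the database only ever sees it as data.

```python
import sqlite3


def make_db():
    # Constructed sample database; SQLite stands in for MySQL here (assumption:
    # the quoting semantics that matter for this point are the same).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, name, password):
    # The user-controlled strings become part of the SQL statement itself,
    # so a quote in the input changes the structure of the query.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, name, password):
    # Placeholders keep the input out of the SQL text: the driver binds it
    # as a value, so a quote in the input is just a character in a string.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input containing SQL syntax
    print("concatenated:", login_vulnerable(db, "alice", crafted))
    print("parameterized:", login_parameterized(db, "alice", crafted))
```

With the concatenated query the WHERE clause becomes `name = 'alice' AND password = '' OR '1'='1'`, which is true for every row; the parameterized query compares the password column against the literal string and matches nothing.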

Basics

Commonly used functions

For the MySQL database, the most commonly used functions and system variables are listed below.

system_user() # system username

user() # ordinary username

current_user() # the account (user@host) the server used to authenticate the session

session_user() # synonym for user()

database() # name of the currently selected database

version() # MySQL server version string

load_file() # MySQL function to read a local file on the server; the content is converted to hexadecimal or decimal

@@datadir # get the path where the server stores its data

@@basedir # get the path where the database server is installed

@@version_compile_os # the operating system the server was compiled for

group_concat() # concatenate all values passed in parentheses into a single string

substr(str,start,len) # return len characters of str, starting at position start (positions count from 1)

Most important structure for MySQL

