
SQL Injection Part 1 -- Principles and basics

Introduction

Recently I started to learn SQL injection, which is the first topic ethical hackers should learn after the Computer Science basics such as computer networking. I personally think it is a bit difficult for newbies to get started with SQL injection, and I didn't dare to start when it came to CTF questions, so here I will briefly talk about the points that newbies need to pay attention to.

Text

Principles

When a web application passes SQL statements to the backend database, and the parameters entered by the user are not strictly filtered, an attacker can construct a special SQL statement that is passed straight to the database engine for execution, and so read or modify the data in the database.

Therefore, the essence of the SQL injection vulnerability is to execute the data entered by the user as code.

There are two key conditions for SQL injection: the user can control the input content, and the web application brings that user input into the database query for execution.
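As an added illustration of the two conditions above (this is example code written for this page, not code from the original post), the following uses Python's built-in sqlite3 module, which ships with Python, standing in for the MySQL backend. The table, rows and account names are constructed for the example. The vulnerable function concatenates user input into the statement text, so the data is executed as code; the safe function passes the same values through placeholders, so the engine never parses them as SQL.

```python
import sqlite3


def make_db():
    # Constructed sample data: a tiny in-memory user table standing in for
    # the backend database described in the text.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, name, password):
    # User input is spliced straight into the statement text, so whatever the
    # user typed becomes part of the code the database engine executes.
    sql = (
        "SELECT name FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    # Placeholders ship the values separately from the statement text; the
    # engine binds them as data and never interprets them as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    conn = make_db()
    # Normal credentials behave the same either way.
    print(login_vulnerable(conn, "alice", "s3cret"))   # ['alice']
    # A quote in the input changes the structure of the vulnerable query:
    # the WHERE clause becomes (name='alice' AND password='x') OR '1'='1'.
    print(login_vulnerable(conn, "alice", "x' OR '1'='1"))  # ['alice', 'bob']
    # The parameterised query treats the same text as a literal password.
    print(login_safe(conn, "alice", "x' OR '1'='1"))  # []
```

The point to take from the output: the second condition (input reaching the query as code) is what the parameterised version removes. Input filtering alone is fragile; binding values as parameters fixes the structural problem regardless of what characters the user sends.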

Basics

Commonly used functions

As for MySQL database, the most commonly used functions are listed below.

system_user() # system username

user() # ordinary username

current_user()

session_user()

database()

version()

load_file() # MySQL function that reads a local file on the database server; in practice the content is converted to hexadecimal or decimal form

@@datadir # the path where the server stores its data files

@@basedir # the path where the database server is installed

@@version_compile_os

group_concat() # concatenates all values of its argument into a single string

substr(str,start,len) # returns len characters of str, starting at position start (positions are counted from 1)
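The two string functions in the list are easy to get wrong in practice (1-based positions, and how group_concat folds many rows into one value), so here is an added example, not from the original post, that exercises them. It again uses Python's sqlite3 module, because sqlite implements group_concat() and substr() with the same semantics as MySQL; the MySQL-only items above (user(), version(), load_file(), @@datadir and friends) have no sqlite equivalent and are not exercised. The table and its rows are constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed sample table: three names, one per row, in insertion order.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE demo (table_name TEXT)")
    conn.executemany(
        "INSERT INTO demo (table_name) VALUES (?)",
        [("users",), ("orders",), ("logs",)],
    )
    return conn


def collapse_names(conn):
    # group_concat() turns one value per row into a single comma-separated
    # string, so a result set of many rows comes back as one value.
    # ORDER BY inside an aggregate is MySQL syntax, not sqlite's, so the
    # rows are sorted by a subquery first to make the order deterministic.
    row = conn.execute(
        "SELECT group_concat(table_name) FROM "
        "(SELECT table_name FROM demo ORDER BY table_name)"
    ).fetchone()
    return row[0]


def substr_parts(conn):
    # substr(str, start, len): start is 1-based and len counts characters.
    # substr('database', 1, 4) -> 'data'; substr('database', 5, 4) -> 'base'.
    return conn.execute(
        "SELECT substr('database', 1, 4), substr('database', 5, 4)"
    ).fetchone()


if __name__ == "__main__":
    conn = make_db()
    print(collapse_names(conn))   # logs,orders,users
    print(substr_parts(conn))     # ('data', 'base')
```

Note the default separator of group_concat() is a comma in both engines; in MySQL the separator can be changed with the SEPARATOR keyword, and the total length of the result is capped by the group_concat_max_len system variable, which is why very long concatenations come back truncated.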

Most important structure for MySQL

