Source of the lecture videos: Bilibili, 《Web安全渗透全套教程(40集)》 (Complete Web Security Penetration Course, 40 episodes)

While studying, I also verified the lab parts of the videos; here I have organised both the lecture notes and the lab notes.

Dangers of SQL injection

SQL basics review

Connecting to the database

List databases: show databases

Switch to the dvwa database

List tables

View a table's structure

View a table's rows

select * from dvwa.users union select 1,2,3,4,5,6 is used to work out how many columns the original query returns; then select * from dvwa.users union select user_login,user_pass,1,2,3,4 from wordpress.wp_users; retrieves the data you are after (an always-false condition such as where 1=3 can be added to the first part to filter out its unwanted rows)

information_schema

Use information_schema.tables: it stores the metadata of every database and every table

select * from information_schema.TABLES\G lists all databases and all tables

select DISTINCT TABLE_SCHEMA from information_schema.TABLES; // equivalent to show databases

mysql> select DISTINCT TABLE_SCHEMA from information_schema.TABLES;
+--------------------+
| TABLE_SCHEMA       |
+--------------------+
| information_schema |
| bricks             |
| bwapp              |
| citizens           |
| cryptomg           |
| dvwa               |
| gallery2           |
| getboo             |
| ghost              |
| gtd-php            |
| hex                |
| isp                |
| joomla             |
| mutillidae         |
| mysql              |
| nowasp             |
| orangehrm          |
| personalblog       |
| peruggia           |
| phpbb              |
| phpmyadmin         |
| proxy              |
| rentnet            |
| sqlol              |
| tikiwiki           |
| vicnum             |
| wackopicko         |
| wavsepdb           |
| webcal             |
| webgoat_coins      |
| wordpress          |
| wraithlogin        |
| yazd               |
+--------------------+
33 rows in set (0.00 sec)
mysql>

select TABLE_SCHEMA,GROUP_CONCAT(TABLE_NAME) from information_schema.TABLES GROUP BY TABLE_SCHEMA\G groups the tables by database and concatenates each group into one row (the longest lists are cut off at MySQL's default group_concat_max_len of 1024 bytes, which is what the warning at the end of the output refers to)

mysql> select TABLE_SCHEMA,GROUP_CONCAT(TABLE_NAME) from information_schema.TABLES GROUP BY TABLE_SCHEMA\G
*************************** 1. row ***************************
            TABLE_SCHEMA: bricks
GROUP_CONCAT(TABLE_NAME): users
*************************** 2. row ***************************
            TABLE_SCHEMA: bwapp
GROUP_CONCAT(TABLE_NAME): users,movies,heroes,blog
*************************** 3. row ***************************
            TABLE_SCHEMA: citizens
GROUP_CONCAT(TABLE_NAME): logins
*************************** 4. row ***************************
            TABLE_SCHEMA: cryptomg
GROUP_CONCAT(TABLE_NAME): challenge4_users,challenge2_users,challenge2_articles
*************************** 5. row ***************************
            TABLE_SCHEMA: dvwa
GROUP_CONCAT(TABLE_NAME): users,guestbook
*************************** 6. row ***************************
            TABLE_SCHEMA: gallery2
GROUP_CONCAT(TABLE_NAME): g2_dataitem,g2_externalidmap,g2_imageblockdisabledmap,g2_movieitem,g2_pluginpackagemap,g2_schema,g2_tkoperatnparametermap,g2_accessmap,g2_customfieldmap,g2_exifpropertiesmap,g2_imageblockcachemap,g2_mimetypemap,g2_pluginmap,g2_rssmap,g2_tkoperatnmimetypemap,g2_watermarkimage,g2_comment,g2_entity,g2_group,g2_maintenancemap,g2_photoitem,g2_recoverpasswordmap,g2_tkoperatnmap,g2_usergroupmap,g2_childentity,g2_descendentcountsmap,g2_getid3propsmap,g2_lock,g2_permissionsetmap,g2_ratingmap,g2_thumbnailimage,g2_user,g2_cachemap,g2_derivativeprefsmap,g2_g1migratemap,g2_linkitem,g2_permalinksmap,g2_ratingcachemap,g2_sessionmap,g2_unknownitem,g2_animationitem,g2_derivativeimage,g2_filesystementity,g2_itemattributesmap,g2_pendinguser,g2_quotasmap,g2_sequencelock,g2_tkpropertymimetypemap,g2_albumitem,g2_derivative,g2_factorymap,g2_item,g2_multilangitemmap,g2_pluginparametermap,g2_sequenceid,g2_tkpropertymap,g2_accesssubscribermap
*************************** 7. row ***************************
            TABLE_SCHEMA: getboo
GROUP_CONCAT(TABLE_NAME): favourites,newshits,activation,ebhints,news,configs_groups,loginhits,tags_books,configs,gsubscriptions,tags_added,comments,groups,tags,captchahits,gfolders,session,bookmarkhits,folders,searches,bookexportimport
*************************** 8. row ***************************
            TABLE_SCHEMA: ghost
GROUP_CONCAT(TABLE_NAME): q
*************************** 9. row ***************************
            TABLE_SCHEMA: gtd-php
GROUP_CONCAT(TABLE_NAME): categories,itemstatus,tickler,items,projectstatus,itemattributes,projects,goals,projectattributes,context,nextactions,checklistitems,listitems,checklist,list,timeitems
*************************** 10. row ***************************
            TABLE_SCHEMA: hex
GROUP_CONCAT(TABLE_NAME): loginhistory
*************************** 11. row ***************************
            TABLE_SCHEMA: information_schema
GROUP_CONCAT(TABLE_NAME): COLUMN_PRIVILEGES,PARTITIONS,SCHEMA_PRIVILEGES,TRIGGERS,COLUMNS,KEY_COLUMN_USAGE,SCHEMATA,TABLE_PRIVILEGES,COLLATION_CHARACTER_SET_APPLICABILITY,GLOBAL_VARIABLES,ROUTINES,TABLE_CONSTRAINTS,COLLATIONS,GLOBAL_STATUS,REFERENTIAL_CONSTRAINTS,TABLES,CHARACTER_SETS,FILES,PROFILING,STATISTICS,EVENTS,PROCESSLIST,SESSION_VARIABLES,VIEWS,ENGINES,PLUGINS,SESSION_STATUS,USER_PRIVILEGES
*************************** 12. row ***************************
            TABLE_SCHEMA: isp
GROUP_CONCAT(TABLE_NAME): users
*************************** 13. row ***************************
            TABLE_SCHEMA: joomla
GROUP_CONCAT(TABLE_NAME): jos_vm_product_mf_xref,jos_menu_types,jos_vm_product_votes,jos_plugins,jos_vm_tax_rate,jos_stats_agents,jos_vm_category,jos_vm_export,jos_vm_zone_shipping,jos_categories,jos_core_acl_aro_groups,jos_vm_module,jos_vm_payment_method,jos_vm_product_files,jos_menu,jos_newsfeeds,jos_vm_product_type_parameter,jos_vm_state,jos_session,jos_vm_waiting_list,jos_vm_cart,jos_vm_currency,jos_bannertrack,jos_core_acl_aro,jos_vm_manufacturer_category,jos_vm_orders,jos_vm_product_download,jos_groups,jos_modules_menu,jos_vm_product_type,jos_vm_shopper_vendor_xref,jos_sections,jos_vm_vendor_category,jos_vm_auth_user_vendor,jos_vm_csv,jos_bannerclient,jos_content_rating,jos_vm_order_user_info,jos_vm_product_discount,jos_core_log_searches,jos_modules,jos_vm_product_reviews,jos_vm_shopper_group,jos_polls,jos_vm_vendor,jos_vm_auth_user_group,jos_vm_creditcard,jos_banner,jos_content_frontpage,jos_vm_order_status,jos_vm_product_category_xref,jos_core_log_items,jos_migration_backlinks,jos_vm_product_relations,jos_vm_shipping_rate,jos_
*************************** 14. row ***************************
            TABLE_SCHEMA: mutillidae
GROUP_CONCAT(TABLE_NAME): help_texts,credit_cards,captured_data,pen_test_tools,blogs_table,page_hints,balloon_tips,page_help,accounts,level_1_help_include_files,hitlog
*************************** 15. row ***************************
            TABLE_SCHEMA: mysql
GROUP_CONCAT(TABLE_NAME): db,help_topic,slow_log,user,columns_priv,help_relation,servers,time_zone_transition_type,help_keyword,procs_priv,time_zone_transition,help_category,proc,time_zone_name,general_log,plugin,time_zone_leap_second,func,ndb_binlog_index,time_zone,event,host,tables_priv
*************************** 16. row ***************************
            TABLE_SCHEMA: nowasp
GROUP_CONCAT(TABLE_NAME): accounts,level_1_help_include_files,hitlog,help_texts,credit_cards,youtubevideos,captured_data,pen_test_tools,blogs_table,page_hints,balloon_tips,page_help
*************************** 17. row ***************************
            TABLE_SCHEMA: orangehrm
GROUP_CONCAT(TABLE_NAME): hs_hr_employee_timesheet_period,hs_hr_geninfo,hs_hr_job_spec,hs_hr_config,hs_hr_leavetype,hs_hr_db_version,hs_hr_emp_children,hs_hr_nationality,hs_hr_rights,hs_hr_emp_jobtitle_history,hs_hr_users,hs_hr_emp_picture,hs_hr_employee_leave_quota,hs_hr_file_version,hs_hr_job_application_events,hs_hr_compstructtree,hs_hr_leave_requests,hs_hr_customer,hs_hr_emp_basicsalary,hs_hr_module,hs_hr_province,hs_hr_emp_history_of_ealier_pos,hs_hr_user_group,hs_hr_emp_passport,hs_hr_employee,hs_hr_ethnic_race,hs_hr_job_application,hs_hr_comp_property,hs_hr_leave,hs_hr_custom_import,hs_hr_emp_attachment,hs_hr_membership_type,hs_hr_project_admin,hs_hr_emp_emergency_contacts,hs_hr_unique_id,hs_pr_salary_grade,hs_hr_emp_member_detail,hs_hr_emp_work_experience,hs_hr_empstat,hs_hr_hsp_summary,hs_hr_language,hs_hr_custom_fields,hs_hr_eec,hs_hr_membership,hs_hr_project_activity,hs_hr_emp_education,hs_hr_timesheet_submission_period,hs_hr_emp_locations,hs_pr_salary_currency_detail,hs_hr_emp_us_tax,hs_hr_empreport,hs_hr_hsp_payment_reque
*************************** 18. row ***************************
            TABLE_SCHEMA: personalblog
GROUP_CONCAT(TABLE_NAME): t_posts,t_comments,t_referrers
*************************** 19. row ***************************
            TABLE_SCHEMA: peruggia
GROUP_CONCAT(TABLE_NAME): users,picdata
*************************** 20. row ***************************
            TABLE_SCHEMA: phpbb
GROUP_CONCAT(TABLE_NAME): phpbb_disallow,phpbb_privmsgs_text,phpbb_themes,phpbb_vote_results,phpbb_config,phpbb_privmsgs,phpbb_smilies,phpbb_vote_desc,phpbb_categories,phpbb_posts_text,phpbb_sessions,phpbb_users,phpbb_banlist,phpbb_posts,phpbb_search_wordmatch,phpbb_user_group,phpbb_auth_access,phpbb_groups,phpbb_search_wordlist,phpbb_topics_watch,phpbb_forums,phpbb_search_results,phpbb_topics,phpbb_words,phpbb_forum_prune,phpbb_ranks,phpbb_themes_name,phpbb_vote_voters
*************************** 21. row ***************************
            TABLE_SCHEMA: phpmyadmin
GROUP_CONCAT(TABLE_NAME): pma_pdf_pages,pma_history,pma_designer_coords,pma_column_info,pma_bookmark,pma_table_info,pma_table_coords,pma_relation
*************************** 22. row ***************************
            TABLE_SCHEMA: proxy
GROUP_CONCAT(TABLE_NAME): users,logs
*************************** 23. row ***************************
            TABLE_SCHEMA: rentnet
GROUP_CONCAT(TABLE_NAME): logins
*************************** 24. row ***************************
            TABLE_SCHEMA: sqlol
GROUP_CONCAT(TABLE_NAME): ssn,users
*************************** 25. row ***************************
            TABLE_SCHEMA: tikiwiki
GROUP_CONCAT(TABLE_NAME): tiki_quizzes,tiki_user_tasks_history,sessions,tiki_games,tiki_score,tiki_webmail_contacts,tiki_blog_activity,tiki_images_data,tiki_calendar_roles,tiki_sent_newsletters,tiki_live_support_events,tiki_stats,tiki_charts,users_permissions,tiki_mail_events,tiki_surveys,tiki_content,tiki_modules,tiki_tracker_item_attachments,tiki_directory_sites,tiki_page_footnotes,tiki_untranslated,tiki_faq_questions,tiki_private_messages,tiki_user_menus,galaxia_processes,tiki_forum_reads,tiki_quiz_stats_sum,tiki_user_tasks,messu_sent,tiki_galleries_scales,tiki_rss_modules,tiki_users_score,tiki_banning_sections,tiki_images,tiki_semaphores,tiki_calendar_locations,tiki_links,tiki_shoutbox_words,tiki_chart_items,users_objectpermissions,tiki_logs,tiki_survey_questions,tiki_comments,tiki_minical_topics,tiki_directory_search,tiki_object_ratings,tiki_tracker_fields,tiki_translated_objects,tiki_extwiki,tiki_preferences,galaxia_instances,tiki_user_mail_accounts,tiki_forum_attachments,tiki_user_taken_quizzes,messu_messages,tiki_galleries,tik
*************************** 26. row ***************************
            TABLE_SCHEMA: vicnum
GROUP_CONCAT(TABLE_NAME): unionresults,jottoresults,guessnumresults
*************************** 27. row ***************************
            TABLE_SCHEMA: wackopicko
GROUP_CONCAT(TABLE_NAME): admin_session,coupons,admin,conflict_pictures,comments_preview,comments,users,cart_items,pictures,cart_coupons,own,cart,guestbook
*************************** 28. row ***************************
            TABLE_SCHEMA: wavsepdb
GROUP_CONCAT(TABLE_NAME): transactions,messages,accounts,users
*************************** 29. row ***************************
            TABLE_SCHEMA: webcal
GROUP_CONCAT(TABLE_NAME): webcal_nonuser_cals,webcal_user_pref,webcal_entry_log,webcal_import_data,webcal_user_layers,webcal_entry_ext_user,webcal_import,webcal_user,webcal_entry,webcal_group_user,webcal_site_extras,webcal_config,webcal_group,webcal_report_template,webcal_categories,webcal_entry_user,webcal_report,webcal_view_user,webcal_asst,webcal_entry_repeats_not,webcal_reminder_log,webcal_view,webcal_entry_repeats
*************************** 30. row ***************************
            TABLE_SCHEMA: webgoat_coins
GROUP_CONCAT(TABLE_NAME): employees,customers,securityquestions,customerlogin,products,comments,payments,categories,orders,orderdetails,offices
*************************** 31. row ***************************
            TABLE_SCHEMA: wordpress
GROUP_CONCAT(TABLE_NAME): wp_categories,wp_options,wp_mypictures,wp_users,wp_mygprelation,wp_usermeta,wp_mygallery,wp_spreadsheet,wp_links,wp_posts,wp_linkcategories,wp_postmeta,wp_comments,wp_post2cat
*************************** 32. row ***************************
            TABLE_SCHEMA: wraithlogin
GROUP_CONCAT(TABLE_NAME): mail,users,stealth
*************************** 33. row ***************************
            TABLE_SCHEMA: yazd
GROUP_CONCAT(TABLE_NAME): yazdgroupperm,yazduserperm,yazdgroup,yazduser,yazdforumprop,yazdthread,yazdforum,yazdmessagetree,yazdfilter,yazdmessageprop,yazdmessage,yazdgroupuser,yazduserprop
33 rows in set, 1 warning (0.00 sec)
mysql>

select COLUMN_NAME from information_schema.columns; // column information for every table in every database (not useful on its own)

select COLUMN_NAME from information_schema.columns where TABLE_SCHEMA='proxy' and TABLE_NAME='logs'; // fetch the column names of one specific database and table as needed

mysql> select COLUMN_NAME from information_schema.columns where TABLE_SCHEMA='proxy' and TABLE_NAME='logs';
+-------------+
| COLUMN_NAME |
+-------------+
| userid      |
| source      |
| target      |
| timestamp   |
+-------------+
4 rows in set (0.00 sec)
mysql>

SQL injection workflow

Error-based injection

Try entering ' to provoke an error; this confirms the fault exists but by itself yields no information

Boolean-based injection

The first ' closes the preceding condition; or 1=1 is an always-true condition; -- comments out everything that follows
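To show the mechanics of that payload from the defender's side, here is an added Python example (not code from the course or these notes) that feeds the same ' or 1=1 -- input to a query built by string concatenation and to a parameterised query; the in-memory SQLite users table and its two rows are constructed for the example.

```python
import sqlite3

# Constructed in-memory stand-in for the lab database (not the notes' MySQL instance).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "wonderland")])
    return conn

# Vulnerable pattern: user input is concatenated straight into the statement text.
def build_vulnerable_sql(user, password):
    return ("SELECT user FROM users WHERE user = '" + user +
            "' AND password = '" + password + "'")

def login_vulnerable(conn, user, password):
    # With user = "' or 1=1 -- " the statement becomes
    #   SELECT user FROM users WHERE user = '' or 1=1 -- ' AND password = '...'
    # The first ' closes the literal, or 1=1 is always true, and -- comments out
    # the password check, so every row matches.
    return [row[0] for row in conn.execute(build_vulnerable_sql(user, password))]

# Hardened pattern: a parameterised query. The driver binds the input as a value,
# so quotes and -- inside it are never seen by the SQL parser as syntax.
def login_safe(conn, user, password):
    sql = "SELECT user FROM users WHERE user = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (user, password))]

if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 -- "
    print(build_vulnerable_sql(payload, "x"))
    print("vulnerable:", login_vulnerable(db, payload, "x"))  # both users
    print("safe:      ", login_safe(db, payload, "x"))        # []
```

The same fix applies to the MySQL applications in the labs: use the driver's placeholders (prepared statements) instead of assembling the statement from strings.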

UNION-based injection

Time-based blind injection

The preceding condition must be true

Automated injection with sqlmap

Injection via GET

Choose OWASP Mutillidae II and pick a page that can be reached without logging in for the injection

Enter any username and password, take the resulting URL, and run sqlmap against it

Injection with sqlmap -u

After a successful scan, the results are saved to the specified directory

Add --dbs to the sqlmap command to list all databases

List all users

Get the current user

Summary of parameters

Dump the values of specified columns from a specified table

Collected examples

Injection via POST

For injection pages that can only be reached with a cookie, pass it with --cookie=""

Data retrieval

Privilege escalation

Comprehensive example
