SQL injection attacks
Friday, December 12, 2008
Nasty stuff...
Besides giving ' special treatment, I also found a few other attack methods:
1. HEX encoding:
0x457578 (M) - hex representation of a string
SELECT 0x457578
This will be selected as a string in MySQL.
In MySQL, an easy way to generate the hex representation of a string is:
SELECT CONCAT('0x', HEX('c:\\boot.ini'))
2. Stacking other commands:
A workaround found online: reject input containing any of the following strings
' VBScript (classic ASP) blacklist: comment sequences, statement separators, system variables and keywords
BlackList = Array("--", ";", "/*", "*/", "@@", "@", _
                  "char", "nchar", "varchar", "nvarchar", _
                  "alter", "begin", "cast", "create", "cursor", _
                  "declare", "delete", "drop", "end", "exec", _
                  "execute", "fetch", "insert", "kill", "open", _
                  "select", "sys", "sysobjects", "syscolumns", _
                  "table", "update")
3. Strip it out:
Some people put JavaScript into the submitted data to link off to other hosts; this also has to be prevented.
4. Bypassing an MD5 hash check, example (MSP):
Username : admin
Password : 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
81dc9bdb52d04dc20036dbd8313ed055 = MD5(1234)
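As an added illustration (not from the original post), a small Python/sqlite3 model of the login check that the point 4 payload targets: the user's row is fetched with the username spliced into the SQL text and the MD5 compared in application code, next to the same check with a bound parameter. The table, the hypothetical admin password and the placement of the post's payload in the username field are all constructed here; binding the input keeps it out of the SQL grammar regardless of what a keyword blacklist does or does not catch.

```python
import hashlib
import hmac
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table. MD5 is used only to mirror the post;
    a real system should store a slow, salted hash (scrypt, bcrypt, Argon2)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("admin", hashlib.md5(b"s3cret-admin-pw").hexdigest()))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The username is pasted into the SQL text, so a UNION inside it can append
    # an attacker-chosen row whose hash matches the password they submit.
    sql = f"SELECT username, password_hash FROM users WHERE username='{username}'"
    row = conn.execute(sql).fetchone()
    return row is not None and row[1] == hashlib.md5(password.encode()).hexdigest()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # A bound parameter is sent as data and never parsed as SQL: quotes, UNION
    # and 0x.. hex strings are just characters compared against the column.
    row = conn.execute(
        "SELECT username, password_hash FROM users WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None:
        return False
    # Constant-time compare of the stored hash against the submitted password.
    return hmac.compare_digest(row[1], hashlib.md5(password.encode()).hexdigest())


# The post's payload (81dc9bdb52d04dc20036dbd8313ed055 = MD5("1234")), placed in
# the username field of this model; the app's own closing quote ends the statement.
PAYLOAD = "admin' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload + 1234:", login_vulnerable(db, PAYLOAD, "1234"))      # True
    print("safe, payload + 1234:      ", login_safe(db, PAYLOAD, "1234"))            # False
    print("safe, real credentials:    ", login_safe(db, "admin", "s3cret-admin-pw"))  # True
```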
