SQL?????????????
???????????? ???????[ 2014/4/16 14:18:13 ] ????????SQL ??????
????3.2 ?ж??????????
?????????????????????????????????????????ж?????????????????????????????????????????????????????????????Щ??????????????????????????????????????????????????????Oracle??MS SQL Server??
?????????????????????????????????????????????????????????£???????????WHERE??????????????????????????????????????????????????????磺
????AND 'xxx' = 'x' + 'xx' ?????? AND %27xxx%27+%3D+%27x%27+%2B+%27xx%27??
?????????+?滻??||???????ж???????????Oracle????MS SQL Server?????????????????
????????????????÷?????????????????SQL?У????????????????SQL??????????????С??????????????????????????÷?????Oracle?????????????????????÷????????????????????????г?????????????????????????MS SQL Server?????????????????Oracle??????????????????????COMMIT????????????????????????????????(???磬??????xxx' ; COMMIT --)???????г????????????????????С?
??????????????????滻??????????????????????????????????????????????????????????????????????????????????????????????2.3??????MS SQL Server?????????getdate()??Oracle??sysdate.
????3.3 ??????????????
??????????????????????ú?????????????????????????????????????????????????????????????????????????????????????ο????????????SQL????????????
????????????????SQL????????????к??????????????????????????????????????????????UNION SELECT???
????4 UNION SELECT???
??????????????SELECT…WHERE???????????????ó???????Ч????????????£????????????????UNION SELECT????????????WHERE????????е????????????UNION SELECT?????ù?????????д???????????????????????????????б??
????????UNION SELECT???????????????????е???θ??????????????Щ???????????????????????????????????????????????????潫???????????????????
??????????????????????UNION SELECT??????????????????????????????????????????????????????????????????????????????????UNION SELECT???????SQL????????е??????????????????????????????????????UNION?????????????????UNION SELECT??????????????????????????????????????????????????????????????
????4.1 ???????
???????????????б?????????????????????????UNION SELECT??????γ?????ò?????????????????????????“?????????”???“?е?????????”??????????????????????????????????£??????????????????????????????????????÷???????????á?
?????μ????????ORDER BY?????SELECT???????ORDER BY??????????????????????????????????????????????????磬???????????????????????Ч???????????£?
????SELECT ProdNum FROM Products WHERE (ProdID=1234) ORDER BY ProdNum --
????AND ProdName=’Computer’) AND UserName=’john’
????????????????????ORDER BY???????????????????????????????????ProdNum??????????????е????У??????1234) ORDER BY 1--????????????????????????????????????????Σ????1234) ORDER BY 2 --??????????????????????????????????????????ORDER BY??????????????????????????????????SELECT???????????????Σ????????????????????????ORDER BY 1???????????????????У????????ε????????????????????????????ASC??DESC??????????????????ORDER BY??????Ч????????????????к????1????100???б????????????1000??????к????????Ч???????????????????????????????к?????????????????????????У???Щ??ο???????????????????????δ???????????????????????????????к????????
????4.2 ?ж??е?????????
?????????????????????????????ж??е????????????????????ж?????????м?????????UNION SELECT?????????????????????????????????????????????????????UNION SELECT?????????????б??????(brute force)????????????????ж???????????????????ε???????????????????????????????????????????????10?????????ζ????310???60??000??????????????????????????????20?γ???????????????????С???????????????????????????????????????????
?????????????????SQL??????NULL???????ε???????????????????????????????????NULL????????κ????????????????????????????в????ζ??NULL??UNION SELECT??????????????κ????????????????????????????????????????
????SELECT ProdNum??ProdType??ProdPrice??ProdProvider FROM Products
????WHERE (ProdID=1234 AND ProdName=’ Computer’) AND UserName=’john’
???????蹥??????????????????????????4?????????????????????UNION SELECT??????????в????ζ??NULL?????????????????????????????FROM???????MS SQL Server?????????FROM??????????????????Oracle?????????????????dual???????????????????FALSE??WHERE???????WHERE 1=2????????????????????????????null???????????????????????????????????MS SQL Server???????????£?
????SELECT ProdNum??ProdType??ProdPrice??ProdProvider FROM Products
????WHERE (ProdID=1234) UNION SELECT NULL??NULL??NULL??NULL
????WHERE 1=2 -- AND ProdName=’ Computer’) AND UserName=’john’
???????NULL??????????????????????????????????????κδ????UNION SELECT????????UNION????????????У??????????????????????????ж?????????????????FROM??????????????????????????????в??????
???????NULL???????????У?????????????????е?????????ж????????????У????????????????в????????????????????????????ζ????????λ??н????????????????????????????????????????3??????????????????????????ProdNum???????????????????????ζ????????????????????????????????????ж????????????
???? 1234) UNION SELECT NULL??NULL??NULL??NULL WHERE 1=2 --
??????? ?????????????MS SQL Server?????
???? 1234) UNION SELECT 1??NULL??NULL??NULL WHERE 1=2 --
??????? ??????????????????
???? 1234) UNION SELECT 1??2??NULL??NULL WHERE 1=2 --
???????? ???????β???????????
???? 1234) UNION SELECT 1??’2’??NULL??NULL WHERE 1=2 --
??????? ???????????????????
???? 1234) UNION SELECT 1??’2’??3??NULL WHERE 1=2 --
???????? ????????β???????????
???? 1234) UNION SELECT 1??’2’??’3’??NULL WHERE 1=2 --
??????? ????????????????????
???? 1234) UNION SELECT 1??’2’??’3’??4 WHERE 1=2 --
???????? ???????β???????????
???? 1234) UNION SELECT 1??’2’??’3’??’4’ WHERE 1=2 --
??????? ???????????????????
?????????????????????????е?????????????????????????????????л????????????????????б???????????????????????????ó????л???????????Щ???????????Щ????SQL????????????????????????????????????
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11
sales@spasvo.com