SRC实战训练营明日开课,今日报名最后一天,成长平台+直播培训=204 元(最后一天)
可以使用 '|"|}|) 等特殊字符进行检测,除了正常的参数提交外,注入的位置也可能存在于 HTTP header 中,比如 X-Forwarded-For、User-Agent、Referer、Cookie 中。不同数据库的报错内容:
MSSQL ASPX Error
Server Error in '/' ApplicationMSAccess (Apache PHP)
Fatal error: Uncaught exception 'com_exception' with message Source: Microsoft JET Database EngineMSAccesss (IIS ASP)
Microsoft JET Database Engine error '80040e14'Oracle Error
ORA-00933: SQL command not properly endedODBC Error
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)PostgreSQL Error
PSQLException: ERROR: unterminated quoted string at or near "'" Position: 1orQuery failed: ERROR: syntax error at or near"'" at character 56 in /www/site/test.php on line 121.
MS SQL Server: Error
Microsoft SQL Native Client error %u201880040e14%u2019Unclosed quotation mark after the character string
参考资料:
https://www.securityidiots.com/Web-Pentest/SQL-Injection/Part-2-Basic-of-SQL-for-SQLi.html
文章来源: http://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247495753&idx=1&sn=99e1432bd81d0d71f62d91d3ae2a8119&chksm=ec1dc061db6a497704b010a11824fd42cdc9864ed2ad4e000949985f1da760644c1fdf1e0945#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh