0x5E5B7D7E的SQL意义是什么?

发布于 2024-09-28 02:13:43 字数 467 浏览 6 评论 0原文

通过查看一些 apache 日志,我多次遇到以下模式(URL 解码):

GET /foo.php?id=1 and union select 0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,... --

显然,这是一次 SQL 注入尝试。但为什么上面显示的是常数呢?我不明白它怎么会特别重要,尽管它似乎出现得相当频繁。

就其价值而言,上述常量映射到以下 ASCII 字符:“^[}~”,如果颠倒字节顺序,则为“~}[^”。十进制值为 1,583,054,206,八进制值为 013626676576。该代码似乎没有映射到有用的 x86 指令序列。

Google 搜索该数字仅显示了在其他站点上使用相同 SQL 注入攻击的尝试的残余 - 没有有关攻击本身的信息。

有人有任何见解吗?

Looking through some apache logs, I've run into the following pattern several times (URL decoded):

GET /foo.php?id=1 and union select 0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,... --

Clearly this is an SQL injection attempt. But why the constant shown above? I can't see how it could be particularly significant, though it seems to appear quite frequently.

For what it's worth, the above constant maps to the following ASCII characters: "^[}~", or "~}[^" if you reverse the byte order. The value in decimal is 1,583,054,206, in octal it's 013626676576. The code doesn't seem to map to a useful sequence of x86 instructions.

A Google search for the number reveals simply the remnants of attempts at using the same SQL injection attack on other sites -- no information about the attack itself.

Anyone have any insight?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

云胡 2024-10-05 02:13:43

该值是唯一标识符。如果页面上出现值“^[}~”,则机器人知道您容易受到sql注入攻击,如果出现值“0x5E5B7D7”,那么它就是不被你的sql服务器解释。此 SQL 注入测试可能只从一个 0x5E5B7D7E 开始,然后继续到预定义的数量。这是因为使用联合选择时,联合必须返回与其附加到的选择相同的列数,并且机器人必须强力强制该值。

请注意,此测试不适用于盲 SQL 注入,因为值“^[}~”将不可见。 mysql 的盲sql注入测试将注入对sleep(30 )BENCHMARK(5000000,md5(1337))。这将导致页面需要几秒钟的时间来加载,从而表明该 sql 代码正在执行。

This value is a unique identifier. If the value "^[}~" appears on the page then the bot knows you are vulnerable to sql injection, where as if the value "0x5E5B7D7" appears then it was not interpreted by your sql server. This sql injection test probably starts off with only one 0x5E5B7D7E and then continues to a predefined number of them. This is because with a union select the union must return the same number of columns as the select it is being appended to, and the bot must brute force this value.

Note, that this test will not work with blind sql injection because the value "^[}~" will not be visible. A blind sql injection test for mysql would be injecting a call to sleep(30) or BENCHMARK(5000000,md5(1337)). This will cause the page to take a few seconds to load, thus signifying that this sql code is being executed.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文