INSERT 上的 SQL 注入

发布于 2024-10-10 22:03:15 字数 966 浏览 5 评论 0原文

我目前正在以 IT 实习生的身份测试我公司应用程序的 SQL 注入漏洞。

所以我发现,该应用程序确实容易受到注入攻击,因为我可以更改一些插入语句。

所以我将insert语句更改为:

INSERT INTO tablename( column, column1, column2, column3, column4,column5, column6, column7, column8 ) 
VALUES ( 10965972, 185796154, 25, 23,2023, '', CURRENT_DATE, 'v0201100',
18); 

DELETE * 
  FROM tablename;-- , 2023,'a', CURRENT_DATE, 'v0201100', 18 )

我认为这应该是一个正确的语句,但是MySQL服务器返回了这个错误: MySQL 错误:1064(您的 SQL 语法有错误;[...]

如果有人可以帮助并告诉我语法错误的原因,那就太好了...

感谢您的帮助:-)

编辑: 感谢您的所有回答。 :) 不幸的是 * 不是问题。 我尝试执行不带删除部分的语句(语句由php执行) 所以语句如下所示:

[...] VALUES( 10963455, 182951959, 23, 23,2023, '', CURRENT_DATE, 'v0201100', 18)--, 2023, '', CURRENT_DATE, 'v0201100', 18 )

但即便如此,MySQL 服务器也返回了相同的错误。 这是完整的错误消息:

MySQL 错误:1064(您有一个错误 在你的 SQL 语法中;检查手册 对应于您的 MySQL 服务器 正确使用语法的版本 靠近“--, 2023, ”, CURREN' 行 17) 会话停止。

如果有人知道这个问题,我将非常感激。

I'm currently testing Vulnerabiltys to SQL Injections for my companys application as an it-trainee.

So I found, that the application is indeed vulnerable to injections because I can alter some of the insert statements.

So I altered the insert Statement to this:

INSERT INTO tablename( column, column1, column2, column3, column4,column5, column6, column7, column8 ) 
VALUES ( 10965972, 185796154, 25, 23,2023, '', CURRENT_DATE, 'v0201100',
18); 

DELETE * 
  FROM tablename;-- , 2023,'a', CURRENT_DATE, 'v0201100', 18 )

I thought this should be a correct statement, but the MySQL Server returned this Error:
MySQL Error: 1064 (You have an error in your SQL syntax;[...]

Would be nice if somebody could help and tell my why the syntax is wrong...

Thanks for your help :-)

Edit:
Thanks for all your answers. :) Unfortunatly the * wasn't the Problem.
I tried to execute the statement (statement is executed by php) without the delete part
so the statement looks like this:

[...] VALUES( 10963455, 182951959, 23, 23,2023, '', CURRENT_DATE, 'v0201100', 18)--, 2023, '', CURRENT_DATE, 'v0201100', 18 )

But even then the MySQL Server returned the Same Error.
Here is the Full Error Message:

MySQL Error: 1064 (You have an error
in your SQL syntax; check the manual
that corresponds to your MySQL server
version for the right syntax to use
near '--, 2023, '', CURREN' at line
17) Session halted.

Would really appreciate it if anyone knew the problem.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

や莫失莫忘 2024-10-17 22:03:15

如果该示例查询块在SINGLE ->query() 调用中执行,则 MySQL 驱动程序不允许在单个查询调用中执行多个查询。它消除了 bobby table 类型的注入攻击,但不能阻止注入操作 where 子句等的值。

If that sample chunk of query is executed in a SINGLE ->query() call, MySQL's driver doesn't allow multiple queries within a single query call. It eliminates the bobby tables type injection attacks, but doesn't prevent injecting values that would manipulate where clauses and whatnot.

池予 2024-10-17 22:03:15

查看MySQL DELETE 规范,没有建议您可以在 DELETE 语句后立即包含 * 。尝试将其删除。

* 在 select 语句中用于选择所有列。此处指定它没有任何意义,因为您正在删除行。

我相信解析器会忽略 -- 注释行(我当然希望如此),所以这部分代码应该没问题。如有疑问,请将其删除以进行测试。

Having a look at the MySQL spec for DELETE, there is no suggestion that you can include * immediately proceeding the DELETE statement. Try removing it.

The * is used in a select statement to select all columns. Specifying it here makes no sense, as you are deleting rows.

I believe the -- commented-out line will be ignored by the parser (I would certainly expect it to be), so that bit of code should be ok. If in doubt remove it as a test.

感性 2024-10-17 22:03:15

当我使用 ; 将您的 sql 语句拆分为多行时作为分隔符,我得到:

1) VALUES( 10965972, 185796154, 25, 23,2023, '', CURRENT_DATE, 'v0201100', 18);
2) DELETE * FROM 表名;
3) -- , 2023, 'a', CURRENT_DATE, 'v0201100', 18 )

对我来说,3)对我来说看起来不像有效的sql......

When I split your sql statement on multiple lines using ; as seperator, I get:

1) VALUES( 10965972, 185796154, 25, 23,2023, '', CURRENT_DATE, 'v0201100', 18);
2) DELETE * FROM tablename;
3) -- , 2023, 'a', CURRENT_DATE, 'v0201100', 18 )

To me, 3) doesn't look like valid sql to me...

千柳 2024-10-17 22:03:15

MySQL 不允许没有 where 语句的 delete 查询。你可以使用:

DELETE * FROM tablename WHERE 1 = 1

你可能还需要删除delete之后的*,看起来MySQL不支持这一点。

MySQL doesn't allow a delete query without a where statement. You can use:

DELETE * FROM tablename WHERE 1 = 1

You may also have to remove the * after delete, it doesn't look like MySQL supports that.

浊酒尽余欢 2024-10-17 22:03:15

@freddy:DELETE * FROM tablename 应该是DELETE FROM tablename

@freddy: DELETE * FROM tablename should be DELETE FROM tablename.

油焖大侠 2024-10-17 22:03:15

DELETE 语句的 ANSI SQL 定义不包含星号 *

Try, DELETE FROM tablename

ANSI SQL definition for DELETE statements does not include an asterix *

Try, DELETE FROM tablename

鯉魚旗 2024-10-17 22:03:15

此外,您还使用 SQL 注入。 SQL 注入在您的公司可能发生的原因是一个秘密(只需使用预先准备的语句),但这不是问题所在。大多数 SQL 注入是由于使用 mysql_query() 而不进行过滤/转义引起的。 mysql_query() 只允许 1 个查询。如果这可以工作,则必须有 mysql_multi_query() 。
MySQL 禁止修改 SELECT 语句中的数据。

Additionally you are using a SQL-Injection. The reason why SQL-Injections are possible at your company is a secret (just use preapred statements), but this isn't the question. Most SQL-Injections are caused by using mysql_query() without filtering/escaping. mysql_query() allows only 1 query. There has to be mysql_multi_query() if this should work.
Modifying data in SELECT-Statements is prohibited by MySQL.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文