SQL Blind Injection Wirkungsweise: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (7 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 2: | Zeile 2: | ||
;In diesem Beispiel benutzen wir zur Vereinfachung nur Zahlen | ;In diesem Beispiel benutzen wir zur Vereinfachung nur Zahlen | ||
=Länge der Passworts ermitteln= | =Länge der Passworts ermitteln= | ||
| − | *select | + | *select username from users where username='hans.will' and length(password) > 5; |
| − | +-------+ | + | +-----------+ |
| − | | | + | | username | |
| − | +-------+ | + | +-----------+ |
| − | | | + | | hans.will | |
| − | +-------+ | + | +-----------+ |
| + | 1 row in set (0.00 sec) | ||
| + | *select username from users where username='hans.will' and length(password) > 10; | ||
| + | Empty set (0.00 sec) | ||
| + | |||
| + | *select username from users where username='hans.will' and length(password) = 6; | ||
| + | +-----------+ | ||
| + | | username | | ||
| + | +-----------+ | ||
| + | | hans.will | | ||
| + | +-----------+ | ||
1 row in set (0.00 sec) | 1 row in set (0.00 sec) | ||
| − | *select user from my_auth where user='erwin' and | + | ;Erkenntnis das Passwort ist genau 6 Zeichen lang. |
| + | |||
| + | *select username from users where username='hans.will' and substring(password,1,1) = 'g'; | ||
| + | Empty set (0.00 sec) | ||
| + | *select user from my_auth where user='erwin' and substring(password,1,1) > 3 ; | ||
| + | Empty set (0.00 sec) | ||
| + | *select user from my_auth where user='erwin' and substring(password,1,1) > 2 ; | ||
+-------+ | +-------+ | ||
| user | | | user | | ||
| Zeile 16: | Zeile 32: | ||
+-------+ | +-------+ | ||
1 row in set (0.00 sec) | 1 row in set (0.00 sec) | ||
| − | *select user from my_auth where user='erwin' and | + | *select user from my_auth where user='erwin' and substring(password,1,1) = 3 ; |
+-------+ | +-------+ | ||
| user | | | user | | ||
| Zeile 23: | Zeile 39: | ||
+-------+ | +-------+ | ||
1 row in set (0.00 sec) | 1 row in set (0.00 sec) | ||
| − | ;Erkenntnis | + | ;Erkenntnis Erstes Zeichen gleich 3 |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Aktuelle Version vom 30. August 2023, 09:55 Uhr
Wir wollen das Passwort herausfinen ohne es zu sehen
- In diesem Beispiel benutzen wir zur Vereinfachung nur Zahlen
Länge der Passworts ermitteln
- select username from users where username='hans.will' and length(password) > 5;
+-----------+ | username | +-----------+ | hans.will | +-----------+ 1 row in set (0.00 sec)
- select username from users where username='hans.will' and length(password) > 10;
Empty set (0.00 sec)
- select username from users where username='hans.will' and length(password) = 6;
+-----------+ | username | +-----------+ | hans.will | +-----------+ 1 row in set (0.00 sec)
- Erkenntnis das Passwort ist genau 6 Zeichen lang.
- select username from users where username='hans.will' and substring(password,1,1) = 'g';
Empty set (0.00 sec)
- select user from my_auth where user='erwin' and substring(password,1,1) > 3 ;
Empty set (0.00 sec)
- select user from my_auth where user='erwin' and substring(password,1,1) > 2 ;
+-------+ | user | +-------+ | erwin | +-------+ 1 row in set (0.00 sec)
- select user from my_auth where user='erwin' and substring(password,1,1) = 3 ;
+-------+ | user | +-------+ | erwin | +-------+ 1 row in set (0.00 sec)
- Erkenntnis Erstes Zeichen gleich 3