What is SQL injection?
The number of sites and pages on the web grows steadily, and everyone who can is taking up their development. Web developers do not always apply sound and secure coding practices, and that creates many loopholes for criminals and hackers. One of them is SQL injection.
A bit of theory
Many people know that most sites and services on the web use SQL databases for storage. SQL is a structured query language that lets you manage and administer data stores. There are many different versions of database management systems: Oracle, MySQL, PostgreSQL. Whatever the name and version, they all use the same query language for data. This is where a potential vulnerability lies. If the developer failed to handle and sanitise a request correctly, an attacker can use this to gain access to the database, and from there to the administration of the whole site.
To avoid such situations, you need to properly optimise the code and carefully control how each request is processed.
Checking for SQL injection
To check whether a site has this vulnerability there is a mass of ready-made automated software suites. But a simple check can also be done manually. To do this, go to one of the test sites and try to provoke a database error from the address bar. For example, a script on the site might fail to handle a request and not truncate it.
For example, there is some_site/index.php?id=25
The simplest way is to put a quote after 25 and send the request. If no error occurs, either all requests on the site are filtered and handled correctly, or their output is disabled in the settings. If the page reloads with problems, then it is vulnerable to SQL injection.
Once the vulnerability has been identified, you can try to eliminate it.
To eliminate this vulnerability you need to know a little about SQL query commands. One of them is UNION. It combines the results of several queries into one. That way you can count the number of fields in the table. An example of the first query looks like this:
- some_site/index.php?id=25 UNION SELECT 1.
Typically this construct produces an error. This means the number of fields is not equal to 1. So, trying values of 1 or more, you can establish their exact number:
- some_site/index.php?id=25 UNION SELECT 1,2,3,4,5,6.
That is, once the error no longer appears, the number of fields has been guessed.
There is another way to solve this problem, for example when the number of fields is large: 30, 60 or 100. This is the GROUP BY command. It groups the results of a query by some criterion, for example id:
- some_site/index.php?id=25 GROUP BY 5.
If no error is received, then there are more than 5 fields. So, substituting values from a fairly wide range, you can work out exactly how many there are.
This SQL injection example is for beginners who want to test themselves on their own site. It is important to remember that unauthorised access to someone else's site is covered by a separate article of the Criminal Code.
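From the defender's side, the same probes are easy to spot in the web server log. Below is an added example, not code from the original article: a PHP function that scans combined-format access log lines for the stray quote after a numeric id and the UNION SELECT / GROUP BY / ORDER BY field-counting steps described above. The log lines are constructed for this example; it flags the three probe lines and leaves the normal request alone.

```php
<?php
// Added example, not code from the original article. Scans access log lines for the
// UNION / GROUP BY / ORDER BY field-counting probes and the stray quote after a numeric
// id described in the text. The combined-format log lines below are constructed.

const PROBE_PATTERNS = [
    'quote_after_id' => '/[?&]id=\d+\'/i',
    'union_select'   => '/\bunion\s+(all\s+)?select\b/i',
    'group_by'       => '/\bgroup\s+by\s+\d+/i',
    'order_by'       => '/\border\s+by\s+\d+/i',
];

/**
 * Returns [line index => [matched pattern names]] for requests that look like probes.
 * The request target is taken from the quoted "METHOD /path" part of each line and
 * URL-decoded first, so %27 and %20 / + encodings are caught as well.
 */
function findSqliProbes(array $lines): array
{
    $hits = [];
    foreach ($lines as $i => $line) {
        if (!preg_match('/"(?:GET|POST) (\S+)/', $line, $m)) {
            continue;                       // not a request line we understand
        }
        $target = urldecode($m[1]);         // "+" and "%20" both become spaces
        $matched = [];
        foreach (PROBE_PATTERNS as $name => $re) {
            if (preg_match($re, $target)) {
                $matched[] = $name;
            }
        }
        if ($matched) {
            $hits[$i] = $matched;
        }
    }
    return $hits;
}

// Constructed sample: a normal request followed by the three probe steps from the text.
$sample = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=25 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?id=25%27 HTTP/1.1" 500 80',
    '203.0.113.5 - - [10/Oct/2023:13:55:44 +0000] "GET /index.php?id=25+UNION+SELECT+1,2,3 HTTP/1.1" 500 80',
    '203.0.113.5 - - [10/Oct/2023:13:55:50 +0000] "GET /index.php?id=25%20GROUP%20BY%205 HTTP/1.1" 200 512',
];
print_r(findSqliProbes($sample));
```

A burst of such requests from one address, especially with 500 responses, is a good trigger for an alert; the same function can be fed from `tail -f` on the live log.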
The main types of injection
SQL injection vulnerabilities can be exploited in several variants. The most popular methods are listed next:
UNION query SQL injection. A simple example of this type has already been reviewed above. It works through an error in checking incoming data that is not filtered properly.
Error-based SQL injection. As the name suggests, this type also uses an error, by sending syntactically incorrect expressions. The response headers are then intercepted, and analysing them allows the SQL injection to be carried out afterwards.
Stacked queries SQL injection. This vulnerability is found by executing consecutive requests. It is characterised by the ";" symbol appended at the end. This approach is often used to gain read and write access to data, or to call operating system functions if privileges allow.
Software for finding SQL vulnerabilities
Programs for SQL injection usually have two components: scanning a site for possible vulnerabilities, and exploiting them to gain access to data. There are such tools for almost all well-known platforms. Their functionality greatly simplifies checking a website for SQL injection holes.
Sqlmap
A very powerful scanner that works with most databases. It supports various methods of performing SQL injection. It can automatically detect the type of password hash and crack it with a dictionary. It also has functionality for uploading files to and downloading files from the server.
Installation on Linux is performed with the commands:
- git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
- cd sqlmap-dev/
- ./sqlmap.py --wizard
For Windows there is a version with both a command line and a graphical user interface.
jSQL Injection
jSQL Injection is a cross-platform tool for checking SQL vulnerabilities. It is written in Java, so a JRE must be installed on the system. It can handle GET, POST, Header and Cookie requests. It has a convenient graphical interface.
Installation of this package is as follows:
wget https://github.com/`curl -s https://github.com/ron190/jsql-injection/releases | grep -E -o '/ron190/jsql-injection/releases/download/v[0-9]{1,2}.[0-9]{1,2}/jsql-injection-v[0-9]{1,2}.[0-9]{1,2}.jar' | head -n 1`
It is launched with the command java -jar ./jsql-injection-v*.jar
To start testing a site for SQL vulnerabilities, enter its address in the top field. There are separate fields for GET and POST. With a positive result, the list of available tables appears in the left window. You can view them and learn some confidential information.
The «Admin page» tab is used to search for administration panels. It uses special templates to automatically check the system for the accounts of privileged users. From them you can obtain only the password hash. But the program has tools for that too.
After finding all vulnerabilities and injecting the right queries, the tool lets you upload your own file to the server or, conversely, download one from it.
SQLi Dumper v.7
This program is an easy-to-use tool for finding and exploiting SQL vulnerabilities. It generates search queries based on so-called dorks. Lists of them can be found on the internet. Dorks for SQL injection are special templates of search queries. With their help you can find potentially vulnerable sites through any search engine.
Tools for training
The site itsecgames.com has a special set of tools that lets you demonstrate by example how SQL injection is performed and test it. To use it, you need to download and install it. The archive contains a set of files that make up the structure of the site. Installing it requires an Apache web server, MySQL and PHP already present on the system.
After unpacking the archive into the web server folder, go to the address entered during installation of this software. A page with user registration opens. Enter your details here and click «Create». After moving to a new screen, the system prompts you to select one of the test cases. Among them are all the injections described, and many other test tasks.
Consider an example SQL injection of the GET/Search type. Here you select it and click «Hack». A search field appears, together with a simulated movie site. The list of films could be long, but there are only 10 of them. For example, try entering Iron Man. The film is shown, so the site works and the table exists. Now you need to check whether the script filters special characters, in particular the quote. To do this, add a quote in the address bar, right after the film title. The site throws the error Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%'' at line 1, which says that the characters are still not handled correctly. So you can try to substitute your own request. But first you need to count the number of fields. The command used for this is entered after the quote: http://testsites.com/sqli_1.php?title=Iron+Man' order by 2 -- &action=search.
This command just displays information about the film, which means the number of fields is greater than 2. The double hyphen tells the server that the rest of the request should be discarded. Now we iterate, substituting ever larger values until the error disappears. In the end it turns out that there are 7 fields.
Now it is time to get something useful from the database. Let's slightly modify the request in the address bar, bringing it to this form: http://testsites.com/sqli_1.php?title=Iron+Man' union select 1, database(), user(), 4, password, 6, 7 from users -- &action=search. As a result of executing it, lines with password hashes are displayed, which can easily be converted into readable characters using one of the online services. A little guesswork to pick out the name of the field with the login, and you can gain access to someone else's account, such as the site administrator's.
The product contains a mass of injection types to practise on. It should be remembered that using these skills against real sites on the web may be a criminal offence.
Injection and PHP
As a rule, it is PHP code that is responsible for processing incoming requests from the user. Therefore, it is at this level that protection against SQL injection must be built in PHP.
First, let's give a few simple recommendations on how to do it.
- Data must always be processed before being placed in the database. This can be done either using existing expressions or by organising queries manually. Here, too, it should be borne in mind that numeric values are cast to the required type;
- Disable the output of various control constructs.
Now a little about the rules for writing queries in MySQL to protect against SQL injection.
When composing any expression for a query, it is important to separate the data from SQL keywords.
- SELECT * FROM table WHERE name = Zerg.
In this form the system may take Zerg for the name of a field, so you must enclose it in quotes.
- SELECT * FROM table WHERE name = 'Zerg'.
However, there are cases when the value itself contains quotes.
- SELECT * FROM table WHERE name = 'Côte d'Ivoire'.
Here only the part Côte d will be processed, and the rest may be taken for a command, which of course it is not. Therefore an error occurs. So this kind of data has to be escaped. To do this, use a backslash, \.
- SELECT * FROM table WHERE name = 'Côte d\'Ivoire'.
All of the above concerns strings. If the operation involves a number, then it needs neither quotes nor slashes. However, numbers should be forcibly cast to the required data type.
There is a recommendation that the field name should be enclosed in backquotes. This symbol is on the left side of the keyboard, together with the tilde "~". This is so that MySQL can correctly distinguish the field name from its own keywords.
Dynamic work with data
Very often, to obtain any data from the database, queries are formed dynamically. For example:
- SELECT * FROM table WHERE number = '$number'.
Here the variable $number is passed as the value to select. What happens if it receives 'Côte d'Ivoire'? An error.
To avoid this problem, of course, you could enable "magic quotes" in the settings. But then the data will be escaped both where it is needed and where it is not. Besides, if the code is written by hand, you can spend a little more time creating a system that resists hacking on its own.
To add the slash yourself you can use mysql_real_escape_string.
$number = mysql_real_escape_string($number);
$year = mysql_real_escape_string($year);
$query = "INSERT INTO table (number, year, class) VALUES ('$number', '$year', 11)";
Although the code has grown in size, it has potentially become much safer.
Placeholders
Placeholders are special markers by which the system understands that this is the place where a special value must be substituted. For example:
$sate = $mysqli->prepare("SELECT District FROM Number WHERE Name = ?");
$sate->bind_param("s", $number);
$sate->execute();
This piece of code prepares a query template, then binds the variable number to it and executes it. This separates the processing of the query from its execution. In this way you can protect yourself from the use of malicious code in SQL.
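To show the difference between the concatenated query from the "Dynamic work with data" section and the placeholder version, here is an added example that is not from the original article. It uses PDO with an in-memory SQLite database so it runs without a MySQL server; the prepare/bind/execute pattern is the same as in the mysqli snippet above, and the table, rows and function names are constructed for this example.

```php
<?php
// Added example, not from the original article. PDO + in-memory SQLite stands in for
// mysqli/MySQL so this runs offline; the placeholder mechanism is the same.
// Table and rows are constructed; note the doubled quote in the SQL literal.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE countries (id INTEGER PRIMARY KEY, name TEXT, district TEXT)");
$db->exec("INSERT INTO countries VALUES (1, 'Zerg', 'north'), (2, 'Côte d''Ivoire', 'west')");

// Unsafe: the value is glued into the SQL text, so a quote inside it ends the
// string early and the remainder is parsed as SQL (the error described in the text).
function findDistrictUnsafe(PDO $db, string $name): array
{
    $sql = "SELECT district FROM countries WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: a "?" placeholder keeps the data out of the query text; the driver passes
// the value separately, so quotes in it are just characters.
function findDistrictSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT district FROM countries WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Numeric input: cast to the required type first, as the text recommends, then bind.
function findNameById(PDO $db, $id): array
{
    $stmt = $db->prepare("SELECT name FROM countries WHERE id = ?");
    $stmt->bindValue(1, (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

try {
    findDistrictUnsafe($db, "Côte d'Ivoire");   // throws PDOException: syntax error
} catch (PDOException $e) {
    echo "unsafe query failed: ", $e->getMessage(), "\n";
}
print_r(findDistrictSafe($db, "Côte d'Ivoire"));   // the quote is handled by the driver
print_r(findNameById($db, "2"));
```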
What an attacker can do
System protection is a very important factor that cannot be neglected. Of course, a simple business-card site is easy to restore. But what if it is a large portal, a service, a forum? What are the consequences if security is not thought about?
First, a hacker can breach the integrity of the whole database and delete it completely. And if the site administrator or hoster does not keep backups, this will be a hard time. On top of that, having hacked one site, the attacker can move on to others hosted on the same server.
Next, the theft of visitors' personal data. How it is used is limited only by the hacker's imagination. But in any case the consequences will not be pleasant, especially if it contains financial information.
Also, an attacker can copy the database for themselves and then demand a ransom for its return.
Correspondence with users on behalf of the site administrator, by a person who is not one, can also cause harm, since outright fraud becomes possible.
Conclusion
All information in this article is provided for informational purposes only. It should be used only to test your own projects when vulnerabilities are found, and to fix them.
For a more in-depth study of how SQL injection is performed, you need to start with a real study of the capabilities and features of the SQL language: how queries are composed, keywords, data types, and the use of all of this.
You also cannot do without an understanding of PHP functions and HTML elements. The main vulnerable points for injection are the address bar and various search fields. Studying PHP functions, their implementation and features will show how to avoid mistakes.
The availability of many ready-made software tools allows an in-depth analysis of a site for known vulnerabilities. One of the most popular products is Kali. This is a Linux-based operating system image that contains a large number of tools and programs for comprehensive analysis of a site's robustness.
What do you need to know to hack a site? It is very simple: you need to know the possible vulnerabilities of your own project or website. Especially if it is an online shop with online payment, where a user's payment data can be compromised by an attacker.
For professional study, information security specialists will be able to check a site for various vulnerabilities and penetration methods, starting from simple HTML injections through to social engineering and phishing.