Differences
Shows the differences between two versions of the page.
seguridad:sql_injection [2013/03/18 09:49] – [SQL Injection] lc | seguridad:sql_injection [2023/01/18 14:11] (actual) – editor externo 127.0.0.1 | ||
---|---|---|---|
Línea 9: | Línea 9: | ||
* %0D | * %0D | ||
</ | </ | ||
- | < | + | |
+ | === Técnicas extraidas | ||
<code sql> | <code sql> | ||
1 SELECT * FROM login /* foobar */ | 1 SELECT * FROM login /* foobar */ | ||
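Review bot: the heading added on the right-hand side, "=== Técnicas extraidas", is missing its accent and should read "extraídas". It also uses three equals signs while the Herramientas and Referencias headings further down use four, so confirm this section is meant to sit one level below them.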
Línea 73: | Línea 74: | ||
2 SELECT ROUND(23.298, | 2 SELECT ROUND(23.298, | ||
</ | </ | ||
- | < | + | < |
Misc | Misc | ||
1 SELECT LENGTH(COMPRESS(REPEAT(' | 1 SELECT LENGTH(COMPRESS(REPEAT(' | ||
Línea 94: | Línea 95: | ||
Beware of of the N rounds, add an extra zero and it could stall or crash your browser! | Beware of of the N rounds, add an extra zero and it could stall or crash your browser! | ||
Gathering info | Gathering info | ||
- | < | + | < |
Table mapping | Table mapping | ||
1 SELECT COUNT(*) FROM tablename | 1 SELECT COUNT(*) FROM tablename | ||
</ | </ | ||
- | < | + | < |
Field mapping | Field mapping | ||
1 SELECT * FROM tablename WHERE user LIKE " | 1 SELECT * FROM tablename WHERE user LIKE " | ||
Línea 105: | Línea 106: | ||
4 SELECT * FROM tablename WHERE user = ' | 4 SELECT * FROM tablename WHERE user = ' | ||
</ | </ | ||
- | < | + | < |
User mapping | User mapping | ||
1 SELECT * FROM tablename WHERE email = ' | 1 SELECT * FROM tablename WHERE email = ' | ||
Línea 204: | Línea 205: | ||
- | === Herramientas === | + | ==== Herramientas |
- | Havij -> http:// | + | |
+ | * Havij http:// | ||
+ | * PonyMagic http:// | ||
+ | * General Injection Explorer | ||
+ | * Safe 3 sql injector http:// | ||
+ | * Enema http:// | ||
+ | * Absinthe http:// | ||
+ | * Pangolin http:// | ||
+ | * sql poison | ||
+ | * sql map gui | ||
+ | * bsql hacker http:// | ||
+ | * | ||
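Review bot: the new tool list ends with an empty bullet (a bare "*" on its last added line); remove it so the page does not render a blank list item. Three entries (General Injection Explorer, sql poison, sql map gui) have no link while the other entries do, so either add a source for each or leave a short note that none is available. The names are also capitalised inconsistently ("sql poison", "bsql hacker" against "Havij", "Pangolin"); pick one style for the list.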
Línea 211: | Línea 223: | ||
==== Referencias ==== | ==== Referencias ==== | ||
* http:// | * http:// | ||
+ | * http:// |