SQL injection: can someone explain this code?


I found that one of my servers is being hit by a SQL injection attack and would like to know what it is trying to do. I know this is a form of attack, and after googling I found that it is widely used, but I did not find an explanation of what it does or of the hex or binary. Here is the attack content:

press-detail.php?id=999999.9+%2f**%2fuNiOn%2f**%2faLl+%2f**%2fsElEcT+0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39,0x39313335313435363231352e39,0x39313335313435363231362e39,0x39313335313435363231372e39,0x39313335313435363231382e39,0x39313335313435363231392e39,0x39313335313435363232302e39,0x39313335313435363232312e39,0x39313335313435363232322e39,0x39313335313435363232332e39,0x39313335313435363232342e39,0x39313335313435363232352e39,0x39313335313435363232362e39,0x39313335313435363232372e39,0x39313335313435363232382e39,0x39313335313435363232392e39,0x39313335313435363233302e39,0x39313335313435363233312e39,0x39313335313435363233322e39,0x39313335313435363233332e39,0x39313335313435363233342e39,0x39313335313435363233352e39,0x39313335313435363233362e39,0x39313335313435363233372e39,0x39313335313435363233382e39,0x39313335313435363233392e39,0x39313335313435363234302e39,0x39313335313435363234312e39,0x39313335313435363234322e39,0x39313335313435363234332e39,0x39313335313435363234342e39,0x39313335313435363234352e39,0x39313335313435363234362e39,0x39313335313435363234372e39,0x39313335313435363234382e39,0x39313335313435363234392e39,0x39313335313435363235302e39,0x39313335313435363235312e39,0x39313335313435363235322e39,0x39313335313435363235332e39,0x39313335313435363235342e39,0x39313335313435363235352e39,0x39313335313435363235362e39,0x39313335313435363235372e39,0x39313335313435363235382e39,0x39313335313435363235392e39,0x39313335313435363236302e39,0x39313335313435363236312e39,0x39313335313435363236322e39,0x39313335313435363236332e39,0x39313335313435363236342e39,0x39313335313435363236352e39,0x39313335313435363236362e39,0x39313335313435363236372e39,0x39313335313435363236382e39,0x39313335313435363236392e39,0x39313335313435363237302e39,0x39313335313435363237312e39,0x39313335313435363237322e39,0x39313335313435363237332e39+and+'1'='1

I would like to know why it is "999999.9", and what "0x39313335313435363237322e39" is. When this attack works, what information does the hacker obtain, or what edits does it make to the database? Finally, would this attack being run over and over crash the server?
Any explanation of this code is much appreciated.

0x39313335313435363237322e39 is just the hex text of 91351456272.9. Why 999999.9? Who knows. - Federkun
Thanks leggendario, I already figured that out myself. But it is still not clear what the code is trying to do. - user3137609
The query is 999999.9 UNION ALL SELECT "91351456272.9","91351456272.9",...,"91351456272.9" and '1'='1. I think its purpose is to detect the presence or absence of SQL injection. - Federkun
Thanks for the info. If a SQL injection vulnerability exists, any idea what it would return? - user3137609
I think 91351456272.9 would appear somewhere on the page, that's all. - Federkun
1 Answer

So, since it is widely used, I will post my answer.
I think the purpose of these requests is to check for the presence or absence of SQL injection. This is the part of the query that is being injected:
999999.9 UNION ALL SELECT "91351456272.9","91351456272.9",...,"91351456272.9" and '1'='1

The attacker's goal is to complete the query in the following way:
SELECT * FROM table WHERE field=999999.9 UNION ALL SELECT "91351456272.9","91351456272.9",...,"91351456272.9"

If field is not filtered, and only if the number of columns used in the UNION SELECT matches the number of columns in the query, the string 91351456272.9 will most likely appear on the page. That would be the attacker's proof that the page is vulnerable.
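As an added example (not part of the original question or answer), here is a small Python script that decodes a probe of this shape the way a defender reviewing access logs would: it URL-decodes the request, strips the /**/ comment obfuscation, turns the 0x... literals back into the marker strings, counts the columns the probe guessed, and checks whether a response body leaked one of the markers. The sample request is constructed, shortened to three columns.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample modelled on the probe quoted in the question, shortened to three columns.
SAMPLE_QUERY = (
    "id=999999.9+%2f**%2fuNiOn%2f**%2faLl+%2f**%2fsElEcT+"
    "0x393133353134353632312e39,0x393133353134353632322e39,"
    "0x393133353134353632332e39+and+'1'='1"
)

HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]+)")
# Capture the SELECT list of a UNION [ALL] SELECT up to a trailing AND/WHERE or end of string.
UNION_SELECT = re.compile(
    r"\bunion\b(?:\s+all)?\s+select\s+(.*?)(?:\s+and\b|\s+where\b|$)", re.I | re.S
)


def normalise(raw):
    """URL-decode, strip the /**/ inline-comment obfuscation and collapse whitespace."""
    text = unquote_plus(raw)
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text).strip()


def decode_hex_literals(text):
    """Replace MySQL-style 0x... literals with the quoted ASCII strings they encode."""
    def repl(match):
        digits = match.group(1)
        try:
            return '"' + bytes.fromhex(digits).decode("ascii") + '"'
        except (ValueError, UnicodeDecodeError):
            return match.group(0)  # odd length or non-ASCII: leave the literal untouched
    return HEX_LITERAL.sub(repl, text)


def analyse_probe(raw):
    """Return (decoded query, column count, marker strings) for a UNION probe, else None."""
    decoded = decode_hex_literals(normalise(raw))
    match = UNION_SELECT.search(decoded)
    if match is None:
        return None
    columns = [c.strip() for c in match.group(1).split(",")]
    markers = sorted({c.strip('"') for c in columns})
    return decoded, len(columns), markers


def response_leaks_marker(body, markers):
    """True if any injected marker string shows up in the page body the server returned."""
    return any(m in body for m in markers)
```

Run over the full request from the question, the column count tells you how many columns the probe was guessing at, and a marker in a 200 response is the signal that the UNION went through.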

Page content provided by Stack Overflow; translated from the English original.