[英]SQL injection and web log files
I need to kow how a SQL injection is recorded in log file. 我需要知道如何在日志文件中记录SQL注入。 In other words I need an example of a web log file entry that contains a SQL injection.
换句话说,我需要一个包含SQL注入的Web日志文件条目的示例。 Another question please: the log file is recorded first or the query is executed at the database first?
请再问一个问题:首先记录日志文件还是首先在数据库执行查询? thanks
谢谢
In your logs ; 在您的日志中; Search for single quote
(')
or %27
. 搜索单引号
(')
或%27
。 This is just a basic SQL Injection attack check when an attacker checks if your server is vulnerable. 当攻击者检查您的服务器是否容易受到攻击时,这只是基本的SQL注入攻击检查。
In depth, you could also search for ' or 1=1--
(or) at the end of your querystring you will find this appended to it ( and 1=0--
or and 1=1--
). 在深度上,您还可以在查询字符串的末尾搜索
' or 1=1--
(或),您会发现此字符串附加在它的后面( and 1=0--
或and 1=1--
)。 This is a Blind SQL Injection attack test. 这是一个盲SQL注入攻击测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.