SQL注入和Web日志文件
[英]SQL injection and web log files
问题描述
I need to kow how a SQL injection is recorded in log file. 
我需要知道如何在日志文件中记录SQL注入。 In other words I need an example of a web log file entry that contains a SQL injection. 换句话说,我需要一个包含SQL注入的Web日志文件条目的示例。 Another question please: the log file is recorded first or the query is executed at the database first? 请再问一个问题:首先记录日志文件还是首先在数据库执行查询? thanks 谢谢
1 个解决方案
解决方案1
0 2012-03-09 22:02:25
In your logs ; 在您的日志中; Search for single quote (') or %27 . 搜索单引号(')或%27 。 This is just a basic SQL Injection attack check when an attacker checks if your server is vulnerable. 当攻击者检查您的服务器是否容易受到攻击时,这只是基本的SQL注入攻击检查。
In depth, you could also search for ' or 1=1-- (or) at the end of your querystring you will find this appended to it ( and 1=0-- or and 1=1-- ). 在深度上,您还可以在查询字符串的末尾搜索' or 1=1-- (或),您会发现此字符串附加在它的后面( and 1=0--或and 1=1-- )。 This is a Blind SQL Injection attack test. 这是一个盲SQL注入攻击测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.