{"id":3077,"date":"2019-04-05T01:01:47","date_gmt":"2019-04-05T01:01:47","guid":{"rendered":"http:\/\/it.isophal.com\/?p=3077"},"modified":"2019-04-05T01:01:47","modified_gmt":"2019-04-05T01:01:47","slug":"%e1%9e%80%e1%9e%b6%e1%9e%9a%e1%9e%99%e1%9e%9b%e1%9f%8b%e1%9e%8a%e1%9e%b9%e1%9e%84%e1%9e%96%e1%9e%b8%e1%9e%80%e1%9e%b6%e1%9e%9a%e1%9e%9c%e1%9e%b6%e1%9e%99%e1%9e%94%e1%9f%92%e1%9e%9a%e1%9e%a0%e1%9e%b6","status":"publish","type":"post","link":"https:\/\/isophal.com\/news\/2019\/04\/05\/3077.html\/","title":{"rendered":"\u1780\u17b6\u179a\u1799\u179b\u17cb\u178a\u17b9\u1784\u1796\u17b8\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a SQL Injection \u1793\u17b7\u1784\u179c\u17b7\u1792\u17b8\u1780\u17b6\u179a\u1796\u17b6\u179a\u1796\u17b8\u1780\u17b6\u179a Hack"},"content":{"rendered":"

\u17e1. \u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u1791\u17bc\u1791\u17c5<\/strong><\/p>\n

\u179f\u17d2\u179c\u17c2\u1784\u1799\u179b\u17cb\u17a2\u17c6\u1796\u17b8 \u178f\u17be\u17a2\u17d2\u179c\u17b8\u1791\u17c5\u1787\u17b6\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1794\u17c2\u1794 SQL Injection<\/strong><\/p>\n

\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a SQL Injection \u1782\u17ba\u1787\u17b6\u179c\u17b7\u1792\u17b8\u179f\u17b6\u179f\u17d2\u178f\u17d2\u179a\u1798\u17bd\u1799\u1793\u17c3\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1791\u17c5\u179b\u17be\u1780\u1780\u1798\u17d2\u1798\u179c\u17b7\u1792\u17b8\u179c\u17c1\u1794 (web application) \u17a7. \u179c\u17c1\u1794\u179f\u17b6\u1799\u1787\u17b6\u178a\u17be\u1798 \u178a\u17be\u1798\u17d2\u1794\u17b8\u179b\u17bd\u1785\u1799\u1780\u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793 \u17ac\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u179f\u17c6\u1781\u17b6\u1793\u17cb\u1796\u17b8\u17a2\u1784\u17d2\u1782\u1797\u17b6\u1796\u178e\u17b6\u1798\u17bd\u1799 \u179c\u17b6\u17a2\u17b6\u1785\u1787\u17b6\u1794\u1785\u17d2\u1785\u17c1\u1780\u1791\u17c1\u179f\u1798\u17bd\u1799\u178a\u17cf\u1796\u17c1\u1789\u1793\u17b7\u1799\u1798\u179f\u1798\u17d2\u179a\u17b6\u1794\u17cb\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1791\u17c5\u179b\u17be\u179f\u17d2\u179a\u1791\u17b6\u1794\u17cb\u1780\u1798\u17d2\u1798\u179c\u17b7\u1792\u17b8 (application layer)\u17d4 SQL Injection \u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1791\u17c5\u179b\u17be\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u1793\u17c3\u1780\u17bc\u178a\u178a\u17c2\u179b\u1794\u17b6\u1793\u1794\u1784\u17be\u178f Web Applications \u1793\u17c4\u17c7 \u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u178a\u17b6\u1780\u17cb\u1794\u1789\u17d2\u1785\u17bc\u179b\u1793\u17bc\u179c\u1796\u17b6\u1780\u17d2\u1799\u1794\u1789\u17d2\u1787\u17b6 \u201cSQL\u201d \u1785\u17bc\u179b\u1791\u17c5\u1780\u17d2\u1793\u17bb\u1784 \u1791\u17b8\u178f\u17b6\u17c6\u1784\u178e\u17b6\u1798\u17bd\u1799 (\u17a7. Login Form) \u178a\u17be\u1798\u17d2\u1794\u17b8\u17a2\u1793\u17bb\u1789\u17d2\u1789\u17b6\u178f\u17b2\u17d2\u1799\u1796\u17bd\u1780\u1782\u17c1\u1798\u17b6\u1793\u179f\u17b7\u1791\u17d2\u1792\u1785\u17bc\u179b\u1791\u17c5\u1780\u17b6\u1793\u17cb\u1794\u17d2\u179a\u1796\u17d0\u1793\u17d2\u1792\u179a\u1794\u179f\u17cb\u17a2\u17d2\u1793\u1780\u1794\u17b6\u1793\u17d4
\nSQL Injection \u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1793\u17bc\u179c\u1797\u17b6\u179f\u17b6 Structured Query Language (SQL) \u178a\u17c2\u179b\u1787\u17b6\u1797\u17b6\u179f\u17b6\u1798\u17bd\u1799\u178a\u17c2\u179b\u178f\u17d2\u179a\u17bc\u179c\u1794\u17b6\u1793\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u179f\u1798\u17d2\u179a\u17b6\u1794\u17cb\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 Database \u178a\u17c2\u179b\u1797\u17b6\u1782\u1785\u17d2\u179a\u17be\u1793\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1793\u17bc\u179c relational database management systems (RDBMS) \u1794\u17d2\u179a\u1797\u17c1\u1791\u1793\u17c3\u1794\u17d2\u179a\u1796\u17d0\u1793\u17d2\u1792\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784 \u178a\u17c2\u179b\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1793\u17bc\u179c SQL \u1798\u17b6\u1793\u178a\u17bc\u1785\u1787\u17b6 Microsoft SQL Database, Oracle, MySQL, PostgreSQL \u1793\u17b7\u1784\u1795\u17d2\u179f\u17c1\u1784\u17d7\u1791\u17c0\u178f \u17d4
\n\u1781\u17b6\u1784\u1780\u17d2\u179a\u17c4\u1798\u1793\u17c1\u17c7\u1782\u17ba\u1787\u17b6\u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd\u179f\u17b6\u1798\u1789\u17d2\u1789\u1798\u17bd\u1799 \u178a\u17be\u1798\u17d2\u1794\u17b8\u1791\u17b6\u1789\u1799\u1780\u1793\u17bc\u179c\u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u17a2\u17c6\u1796\u17b8 Table<\/p>\n

Select * from table_name;<\/p>\n

\u1783\u17d2\u179b\u17b6\u1781\u17b6\u1784\u179b\u17be\u1793\u17c1\u17c7\u1782\u17ba\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1793\u17bc\u179c\u1793\u17b7\u1798\u17b7\u178f\u17d2\u178f\u179f\u1789\u17d2\u1789\u17b6 * \u178a\u17be\u1798\u17d2\u1794\u17b8\u1791\u17b6\u1789\u1799\u1780\u1793\u17bc\u179c\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1791\u17b6\u17c6\u1784\u17a2\u179f\u17cb\u1796\u17b8\u1780\u17d2\u1793\u17bb\u1784\u178f\u17b6\u179a\u17b6\u1784 \u201ctable_name\u201d<\/p>\n

\u17e2. \u178a\u17c6\u178e\u17be\u179a\u1780\u17b6\u179a\u1793\u17c3\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a SQL Injection<\/strong><\/p>\n

\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1798\u17b7\u1793\u178f\u17d2\u179a\u17b9\u1798\u178f\u17c2\u17a2\u17b6\u1785\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1791\u17b6\u1789\u1799\u1780\u1793\u17bc\u179c\u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u1796\u17b8\u1780\u17d2\u1793\u17bb\u1784\u179c\u17c1\u1794\u179f\u17b6\u1799\u179a\u1794\u179f\u17cb\u17a2\u17d2\u1793\u1780\u1794\u17c9\u17bb\u178e\u17d2\u178e\u17c4\u17c7\u1791\u17c1 \u1782\u17ba\u179c\u17b6\u17a2\u17b6\u179f\u17d2\u179a\u17d0\u1799\u1791\u17c5\u178f\u17b6\u1798\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u178a\u17c2\u179b\u1798\u17b6\u1793\u1793\u17c5\u1780\u17d2\u1793\u17bb\u1784 web application \u1796\u17c1\u179b\u1781\u17d2\u179b\u17c7\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u17a2\u17b6\u1785\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u179a\u17c6\u179b\u1784\u1793\u17bc\u179c\u1780\u17b6\u179a Login (bypass logins) \u178a\u17be\u1798\u17d2\u1794\u17b8\u1797\u17d2\u1787\u17b6\u1794\u17cb\u1791\u17c5\u1780\u17b6\u1793\u17cb\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799 \u1780\u17c2\u1794\u17d2\u179a\u17c2\u1796\u17d0\u178f\u17cc\u1798\u17b6\u1793\u178a\u17bc\u1785\u1787\u17b6\u1780\u17b6\u179a\u1780\u17c2\u1794\u17d2\u179a\u17c2\u1791\u17c6\u1796\u17d0\u179a\u1798\u17bb\u1781 (Web Defacement) \u179b\u17bb\u1794\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799 \u17ac\u17a2\u17b6\u1785\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u1794\u17b7\u1791\u1793\u17bc\u179c\u1798\u17c9\u17b6\u179f\u17ca\u17b8\u1793\u1798\u17c1\u1787\u17b6\u178a\u17be\u1798 \u1787\u17b6\u179a\u17bf\u1799\u17d7\u1782\u17ba\u1796\u17c1\u179b\u178a\u17c2\u179b\u1798\u17b6\u1793\u1780\u17b6\u179a\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1794\u17c2\u1794\u1793\u17c1\u17c7 \u1782\u17ba\u1780\u179a\u178e\u17b8\u178a\u17c2\u179b\u1794\u17b6\u1793\u179a\u17c0\u1794\u179a\u17b6\u1794\u17cb\u17a2\u17b6\u1785\u1793\u17b9\u1784\u1780\u17be\u178f\u1798\u17b6\u1793\u17a1\u17be\u1784\u17d4
\n\u1787\u17c6\u17a0\u17b6\u1793\u178a\u17c6\u1794\u17bc\u1784\u1782\u17ba\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1792\u17d2\u179c\u17be\u1780\u17b6\u179a\u179f\u17d2\u1780\u17c1\u1793\u1793\u17bc\u179c\u179c\u17c1\u1794\u179f\u17b6\u1799\u178a\u17be\u1798\u17d2\u1794\u17b8\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799 \u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u17a2\u17b6\u1785\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1794\u1785\u17d2\u1785\u17c1\u1780\u1791\u17c1\u179f Google Dork \u178a\u17c2\u179b\u17a2\u17b6\u1785\u1787\u17b6\u179c\u17b7\u1792\u17b8\u179f\u17b6\u179f\u17d2\u178f\u17d2\u179a\u178a\u17cf\u1798\u17b6\u1793\u1794\u17d2\u179a\u179f\u17b7\u1791\u17d2\u1792\u1797\u17b6\u1796\u1798\u17bd\u1799\u1780\u17d2\u1793\u17bb\u1784\u1780\u17b6\u179a\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\u1785\u17c6\u1793\u17bb\u1785\u1781\u17d2\u179f\u17c4\u1799\u1793\u17c3\u179c\u17c1\u1794\u179f\u17b6\u1799\u1794\u17b6\u1793\u178a\u17c4\u1799\u1784\u17b6\u1799\u17d7 \u1794\u1793\u17d2\u1791\u17b6\u1794\u17cb\u1796\u17b8\u1780\u17b6\u179a\u179a\u1780\u1783\u17be\u1789\u17a2\u17d2\u1793\u1780\u179c\u17b6\u1799\u1794\u17d2\u179a\u17a0\u17b6\u179a\u1793\u17b9\u1784\u1796\u17d2\u1799\u17b6\u1799\u17b6\u1798\u179f\u17d2\u179c\u17c2\u1784\u179a\u1780\u1793\u17bc\u179c\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u1791\u17b6\u1780\u17cb\u1791\u1784\u1791\u17c5\u1793\u17b9\u1784\u1788\u17d2\u1798\u17c4\u17c7 \u1793\u17b7\u1784\u1796\u17b6\u1780\u17d2\u1799\u179f\u17c6\u1784\u17b6\u178f\u17cb\u179a\u1794\u179f\u17cb\u1782\u178e\u1793\u17b8\u1793\u17c3\u17a2\u1797\u17b7\u1794\u17b6\u179b\u1782\u17d2\u179a\u1794\u17cb\u1782\u17d2\u179a\u1784\u179c\u17c1\u1794\u179f\u17b6\u1799 (usernames\/passwords) \u17a0\u17be\u1799\u1793\u17b9\u1784\u1791\u17b7\u1793\u17d2\u1793\u1793\u17d0\u1799\u179f\u17c6\u1781\u17b6\u1793\u17cb\u17d7\u1798\u17bd\u1799\u1785\u17c6\u1793\u17bd\u1793\u1791\u17c0\u178f\u17d4
\n\u1781\u17b6\u1784\u1780\u17d2\u179a\u17c4\u1798\u1787\u17b6\u17a7\u1791\u17b6\u17a0\u179a\u178e\u17cd \u1793\u17c3\u1780\u17b6\u179a\u1794\u17d2\u179a\u17be\u1794\u17d2\u179a\u17b6\u179f\u17cb\u1796\u17b6\u1780\u1794\u1789\u17d2\u1787\u17b6\u179a\u179a\u1794\u179f\u17cb google dork\u17d6<\/p>\n