Research Of SQL Injection Attack Techniques In Remote Penetration Testing

Posted on: 2010-01-11
Degree: Master
Type: Thesis
Country: China
Candidate: W J Liu
GTID: 2178360278452322
Subject: Information security
Abstract/Summary:
As awareness of network security increases, penetration testing that relies on a single method can no longer meet the needs of remote penetration testing. A more effective approach is to combine attack techniques to penetrate the internal network, escalate to system administrator, and then capture confidential information. Web script attacks using SQL injection are the main choice, which makes SQL injection one of the most important techniques in remote penetration testing.

This topic comes from the project "Research of Penetration Testing of Illegal External Connection Based on the Internet". It studies SQL injection in depth as the key technique for penetrating an internal network. This paper designs a model for remote penetration based on SQL injection, analyses manual injection techniques on LAMP (Linux + Apache + MySQL + PHP), and proposes some new techniques for blind injection, in which no returned error is displayed. The chapters that discuss manual injection are composed of three parts: first, the error-judging method for obtaining information for the intrusion, judging the injection point, and probing system functions; additionally, guessing fields bit by bit in the stage of gaining root access in the database, privilege escalation, and time-difference functions; and finally, uploading a backdoor script into the management back end.

Compared with manual injection, automatic SQL injection can shorten the time spent on enumeration, loops and recursion, improve efficiency, and lower the skill required for injection. This paper designs and implements an automatic SQL injection system in Perl named SQLin. The system uses a backdoor uploading program to obtain a shell on the target web server through a known injection point, and finally controls the target web server and database. It proposes an algorithm to find directories to which files can be uploaded, and implements automatic uploading of the backdoor script. It improves the algorithm that splits a large SQL query into smaller sub-queries and uses multi-threading to process these sub-queries.

Testing and experiments prove that SQLin is correct and effective, and that it makes SQL injection more convenient and precise.
Keywords/Search Tags: SQL injection, Penetration testing, PHP, MySQL, Backdoor