Question
I am trying to fetch bulk data from a website database but could not succeed. Can somebody suggest if SQL injection is possible and how to do it in this case?
Answer 1:
There are many ways to do SQL Injection to a website similar to the one you provided.
In the where clause it is expecting ac_no. I assume that this value is being passed from the browser as user input. In that case you can pass the ac_no value along with or 1 = 1, e.g. where ac_no = 123 or 1 = 1. It returns everything from the table RollPdf1.
For string comparison you can add "" = "" to the where clause.
If you want to perform other select operations (if you know other table names) then you can append select statements delimited by ;.
UNION operator:
If you know the data types of the columns selected in the query then you can use UNION to get additional data from other tables.
e.g.
original query: select name, age, sex from table1 where id = 1
sql injected query: select name, age, sex from table1 where id = 1 AND 1 = 2 UNION select username, id, password from userstable or some other table.
Source: https://stackoverflow.com/questions/42056603/can-i-do-sql-injection-on-this-website
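From the defending side, both inputs described in the answer above stop working once the value is bound as a query parameter instead of being concatenated into the statement. The following is an added example, not part of the original post: it uses Python's sqlite3 with an in-memory database, and the rows, the userstable columns and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data. RollPdf1/ac_no and userstable are names from the
    # thread; the rows and the remaining columns are invented for this demo.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE RollPdf1 (ac_no INTEGER, name TEXT)")
    conn.executemany("INSERT INTO RollPdf1 VALUES (?, ?)",
                     [(123, "alice"), (124, "bob"), (125, "carol")])
    conn.execute("CREATE TABLE userstable (id INTEGER, password TEXT)")
    conn.execute("INSERT INTO userstable VALUES (1, 'constructed-secret')")
    return conn

def lookup_concatenated(conn, ac_no):
    # Vulnerable pattern: the request value is pasted into the SQL text, so the
    # database parses whatever follows the number as part of the statement.
    sql = "SELECT ac_no, name FROM RollPdf1 WHERE ac_no = " + ac_no
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, ac_no):
    # Hardened pattern: the statement text is fixed and the value is bound as
    # data. A string that is not a plain number simply matches no row.
    sql = "SELECT ac_no, name FROM RollPdf1 WHERE ac_no = ?"
    return conn.execute(sql, (ac_no,)).fetchall()

# The two inputs described in the answer, plus a legitimate one.
INPUTS = [
    "123",
    "123 or 1 = 1",
    "123 AND 1 = 2 UNION SELECT id, password FROM userstable",
]

if __name__ == "__main__":
    conn = make_db()
    for value in INPUTS:
        print(repr(value))
        print("  concatenated :", lookup_concatenated(conn, value))
        print("  parameterized:", lookup_parameterized(conn, value))
```

The same binding approach applies to any driver that supports placeholders; only the placeholder syntax differs.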