• Главная
• Книги
  • Хобби
  • Фентези, фантастика, мистика
  • История
  • Детектив
  • Сделай сам
  • Авто-мото
  • Логопедия
  • Юмор
  • Любовный роман
  • Эзотерика. Психология
  • Компьютер
• Фотообои
  • Природа
  • Авто-мото
  • Девушки
  • Фентези и мистика
  • Из фильмов
  • Мужчины,парни
  • Аниме
  • Любовь
  • Приколы
• Антивирусы
• Ключи,активаторы
• Плееры, кодеки
• Разное, программы
• Новости
• Блог.Win 7

Информер RSS

{keyword} And (select 8148 From(select Count(*),concat(0x7162717671,(select (elt(8148=8148,1))),0x7171627171,floor(rand(0)*2))x From Information_schema.character_sets Group By X)a)-- Qkgc -

If a website's search bar or URL parameter isn't properly "sanitized," an attacker can use this method to: (e.g., MySQL, PostgreSQL). Extract table names and column structures.

The snippet you provided is a classic example of an attack.

Ensure your database user account only has the permissions it absolutely needs. For example, a "read-only" web user shouldn't be allowed to access INFORMATION_SCHEMA . If a website's search bar or URL parameter

This is the gold standard. Instead of building a query string with user input, you use placeholders ( ? ). The database treats the input strictly as data, never as executable code.

It looks like your query contains some SQL injection syntax ( SELECT COUNT , CONCAT , INFORMATION_SCHEMA ). If you're looking for an on how these types of database queries work—specifically regarding web security and SQL injection (SQLi) —I can certainly help with that. What is this code? Ensure your database user account only has the

Only allow the types of characters you expect. If a user is searching for a "Keyword," they probably don't need to use parentheses or semicolons.

The attacker isn't trying to delete data yet; they are trying to "fingerprint" the database. Instead of building a query string with user

If you are a developer, you can stop these attacks using three main methods: