解释如何在 Rails 中利用 order 子句 [英] Explain how order clause can be exploited in Rails

问题描述

我很难理解 Rails SQL 注入网站 中的这一部分是如何工作的.

I am having difficulty understanding how this section from this website on Rails SQL Injections works.

在 ORDER BY 子句中利用 SQL 注入是很棘手的，但 CASE 语句可用于测试其他字段，切换排序列的真或假.虽然可能需要多次查询，但攻击者可以确定该字段的值.

Taking advantage of SQL injection in ORDER BY clauses is tricky, but a CASE statement can be used to test other fields, switching the sort column for true or false. While it can take many queries, an attacker can determine the value of the field.

谁能解释一下?他们说将排序列切换为真或假"是很难理解的，因为我不明白这将如何使攻击者能够揭示另一个字段的值.

Can someone explain? The bit where they say "switching the sort column for true or false" is the one that is hard to understand because I don't get how that would enable an attacker to reveal the value of another field.

推荐答案

如果您正在尝试确定您知道在表中的字段的值，但没有在选择中返回，您可以按顺序迭代它通过，直到你得到价值:

If you are trying to determine the value of a field you know is in the table, but not being returned in the select you could iterate over it in the order by, until you get the value:

 ORDER BY CASE WHEN variableIdLikeToDiscover < 'N' then 1 else 0 end

然后看它是大于还是小于'N'.如果小于，接下来您可以尝试:

Then see whether it is greater than or less than 'N'. If it's less than, next you could try:

 ORDER BY CASE WHEN variableIdLikeToDiscover < 'F' then 1 else 0 end

依此类推，直到您(最终)确定了价值.

And so on and so forth until you have (eventually) determined the value.

这篇关于解释如何在 Rails 中利用 order 子句的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！