Case bypass
If the filter blocks keywords such as and, order by and the like, but the match is case sensitive,
changing the letter case (for example AnD 1=1, OrdER) bypasses it.
Double-write bypass
If the program replaces a keyword with an empty string, the keyword never reaches the query and the injection fails. This filtering policy can be bypassed by writing the keyword twice.
For example, if the keyword union is replaced with an empty string, the double-written form UNIunionON passes the filter.
Encoding bypass
URL-encode the payload to bypass the SQL injection filtering mechanism.
http://tool.chinaz.com/Tools/URLEncode.aspx?qq-pf-to=pcqq.temporaryc2c
Inline comment bypass
/* union select */ is an ordinary comment: the content inside is not executed
/*! union select */ is executed: the content inside runs
SQL injection when comment characters are stripped
MySQL comment characters:
- Single-line comments: --+ or -- followed by a space, or #
- Multi-line comments: /**/
During SQL injection, comment characters serve to close off single quotes, double quotes, single parentheses and multiple parentheses.
Filter function
preg_replace(mixed $pattern, mixed $replacement, mixed $subject): performs a regular expression search and replace
$pattern: the pattern to search for; can be a string or an array of strings
$replacement: the replacement string or array of strings
$subject: the target string or array of strings to search and replace in
For example:
preg_replace('/SELECT/i', '1', 'select456') replaces the select in select456 with 1, giving 1456
Looking at the lab's filtering code, # and -- in the id parameter are replaced with an empty string, so neither can be used to comment out the rest of the query.
Instead, or '1'='1 can be used to close the trailing single quote.
Open the lab and enter '--+ : an error is returned, which shows that the rest of the statement was not commented out.
Using ' or '1'='1 bypasses the filter successfully
and the parameter can be injected:
/sqli-labs-master/Less-23/?id=-1' union select 1,database()'3
SQL injection when and / or are filtered
Looking at the code, and and or are replaced with an empty string.
The pattern ends with an i, which makes it case insensitive, so the case bypass is ruled out.
It can be bypassed by double writing (oorr), by putting a comment inside the keyword (a/**/nd), or by using symbols instead:
and -> &&, or -> ||
Open the lab and try a normal injection: an error is returned and the or is gone
http://192.168.127.128/sqli-labs-master/Less-25/?id=1%27%20or%201=1%20-+
Using || bypasses the filter successfully
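
The double-write cases above (UNIunionON, oorr) share one root cause: the filter strips a keyword once and never re-checks its own output. The added example below is not from the original page or from sqli-labs; it reproduces that behaviour in Python, with re.sub standing in for PHP's preg_replace and an in-memory SQLite table standing in for the lab database, and sets the filtered, concatenated query beside a parameterized one. All function names, the table and the sample rows are constructed for illustration.

```python
import re
import sqlite3

BLOCKED = ("union", "or", "and")  # keywords the filters described above strip

def strip_keywords(value):
    """Single-pass, case-insensitive keyword removal (re.sub standing in
    for preg_replace('/kw/i', '', ...)). The output is never re-checked."""
    for kw in BLOCKED:
        value = re.sub(kw, "", value, flags=re.IGNORECASE)
    return value

def make_db():
    """Constructed sample data in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("1", "alice"), ("2", "bob")])
    return conn

def lookup_filtered(conn, raw_id):
    """Weak pattern: blacklist filter, then string concatenation."""
    sql = "SELECT name FROM users WHERE id = '" + strip_keywords(raw_id) + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, raw_id):
    """Hardened pattern: the value is bound, never parsed as SQL."""
    return conn.execute("SELECT name FROM users WHERE id = ?",
                        (raw_id,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    for raw in ("1", "1' oorr '1'='1"):
        print(repr(raw), "->", repr(strip_keywords(raw)))
        print("  filtered+concat:", lookup_filtered(conn, raw))
        print("  parameterized:  ", lookup_parameterized(conn, raw))
    print(repr(strip_keywords("UNIunionON")))
```

The parameterized lookup needs no keyword list at all, so there is nothing for case changes, double writing or symbol substitution to get around.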
SQL injection when spaces are stripped
Looking at the lab's source code, it filters many of the characters, symbols and spaces that SQL injection relies on.
Strategies for bypassing the space filter:
Encoding: hex, urlencode
Space URL encodings: %0a, %09 (TAB key)
%0a new line
%0c new page
%0d return (carriage return)
%0b TAB (vertical)
Open the lab
and enter some input; the filtering can be seen
Replacing the space with %0d and or with || bypasses the filter successfully
/sqli-labs-master/Less-26/?id=1'%0d||'1
SQL injection when union and select are stripped
Looking at the lab's source, the pattern uses the s modifier and is case sensitive, and and / or are not filtered,
so it can be bypassed by changing the case.