Network Security Advanced Learning Lesson 13 - SQL Injection Bypass Posture

Enterprise 2023-09-19 11:15:09 views: null

Article directory

1. The equal sign is filtered
2. substr, mid, etc. are filtered
3. Commas are filtered
4. and/or is filtered
5. Spaces are filtered
5. Other bypass methods

1. The equal sign is filtered

1. Like, rlike statements, where rlike is a regular expression
2. Greater than sign >, less than sign <
3. Symbols <>: <> means not equal to !=
4. Use the regexp function
5、in
6、between

2. substr, mid, etc. are filtered

1、substring、substrB
2. locate(str1,str2)
Return the position where str1 string first appears in str2, if not, return 0;
- locate(str1,str2, pos)
  returns the position where pos (starting position) of str1 string appears in str2, if not, returns 0;
  pos must be greater than the first occurrence position to display the second occurrence position.
3. position(str1 in str2)
The usage is similar to locate. It returns the position where str1 string appears in str2. Otherwise, 0 is returned.
4. instr( string1, string2 )
#string1: Source string, search in this string.
#string2: The string to be found in string1.
5. lpad(string , length , pad_string), rpad(string , length , pad_string)
#string: the filled string, length: the length of the returned string, pad_string: the filled string, is an optional parameter

3. Commas are filtered

1. Use %EF%BC%8C
%EF%BC%8C. This is the Chinese comma. Most of it cannot be used, but some functions can be used.
2. Using from xx for xx
can generally be used in mid and substr functions.

4. and/or is filtered

Use &&, || or like

5. Spaces are filtered

1. Comment character bypass: //， -- ， /**/， #， --+， -- -， ;，%00，--a，/*!*/.
- 1.1. /*!*/It is an inline comment. As long as the number inside is larger than your data version, it will be distorted.
  
  My version here is 5.7.26,
  
  as shown in the picture / !23232user() / The user() in it will be executed. But when it is changed to 63232, it is larger than the version and cannot be executed. 这方法可以用来绕waf.
2. Bypass newline, for example, use %0a
3. Logical bracket bypassing

5. Other bypass methods

1. Case bypassing, such as User(), dAtaBASE(), SelEct, etc.
2. When filtering only once, double keywords such as selselectect, ununionion, oorr, etc. are bypassed.
3. When and/or+space is replaced by empty, andand+space (oror+space) is bypassed.
4. Encoding bypass: such as URLEncode encoding, ASCII, HEX, and unicode encoding bypass.

Guess you like

Origin blog.csdn.net/p36273/article/details/132141151

Network Security Advanced Learning Lesson 13 - SQL Injection Bypass Posture

sql injection bypass posture

Advanced Network Security Learning Lesson 14 - MSSQL Injection

Network Security Advanced Learning Lesson 11 - MySQL Manual Injection (2)

Network Security Advanced Learning Lesson 10 - MySQL Manual Injection

Network Security Advanced Learning Lesson 19 - CTF Cryptography

Advanced Network Security Learning Lesson 20 - File Operation and Steganography of CTF

[Network Security] SQL Injection--Error Injection

[Network Security] SQL Injection--Time Injection

SQL injection advanced practice (2) Common bypass methods and defense solutions

Network Security Advanced Learning Lesson 17 - Business Logic Vulnerability (Payment&&Authentication&&Password Retrieval)

sql injection bypass (updated)

Network Security SQL Injection Actual Combat

[Network Security] SQL Blind Injection? this one is enough

[Network Security] Preliminary Exploration of SQL Injection Vulnerabilities

[Network Security] Detailed Explanation of SQL Injection Vulnerabilities

【Network Security】Detailed Explanation of SQL Injection

SQL injection bypass the bypass principle --WAF

[Network Security] SQL Injection--Boolean Blind Injection

sql injection techniques to bypass common

SQL injection-WAF bypass

Web security offensive and defensive learning --08- (bypass SQL injection, XSS cross site scripting classification, use cookie session hijacking, XSS tampering with web links)

[Network Security] DVWA's Command Injection attack posture and problem-solving detailed analysis collection

360 Network Security study notes --SQL injection (b)

[sql injection-WAF bypass] write tamper of sqlmap for sql injection

SQL injection bypass means (study notes)

SQL Injection Defense - WAF Bypass Skills (5)

One article to understand sql injection bypass

Bypass Pagoda WAF and continue SQL injection tips

Remember a sql injection analysis and bypass [1]

Recommended

The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!

Ranking

Getting the basic concepts of ROS + catkin Profile

Spring Learning (2) --- Assembling Beans in the IoC Container

js to get the src attribute of the image regularly

STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud

Short video learning - 3, pandas simple use of pivot_table

Print directory of project configuration log, output log

Understand the difference between vi and vim in Linux in 3 minutes

1 + x certificate Web front-end development HTML5 special exercises

mangodb save and insert the difference

7-1 Family tree processing (50 points) (binary tree solution)

Daily

More

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)