Byte wide bypassing summary
1, focus: the escape character backslash \, ASCII code 0x5C
2, in the double-byte character set, in \ front of increasing the high byte, as is the low byte 0x5C, combined into "kanji", resulting in \ symbol is "eaten", a subsequent escape character limit, bypassing escaped .
3, GB2312 encodings \ will not be "eaten."
Low byte character range 4, GBK, GB18030, BIG5 like double-byte character code set 0x5c byte width are injection presence / bypassed.
5, UTF encoding \ will not be "eaten"
6, the program Transcoding functions properly, there will be byte wide injection / bypass, which has nothing to do with the time encoded page
Example:
SQL injection after a business scenario, inject a single quotation mark, URL and the SQL statement is as follows:
http://example.com/index.php?username=alan’
-->
Select * from tb where username=‘alan\’’
The core problem is to put a backslash \ elimination, will inject characters are replaced% df ', URL and the SQL statement is as follows:
http://example.com/index.php?username=alan%df’
-->
Select * from tb where username=‘alan%df\’’
Since% df \ à% df% 5c à shipped, SQL statements in the end constituted as follows:
Select * from tb where username=‘alan運’’
% Df the system with injection of an automatic add backslash unicode characters constituting a character set of "Win", thereby eliminating the slash, so that the single quotation mark in front of a closed injection query.