Shulou(Shulou.com)05/31 Report--

This article mainly introduces the example analysis of SQL injection bypass, which has a certain reference value, and interested friends can refer to it. I hope you will gain a lot after reading this article.

Preface

Sql injection was a common vulnerability a long time ago. Later, with the improvement of the level of security, sql injection has been rarely seen. But today, there are still many websites running with sql injection vulnerabilities. Friends with a little bit of security awareness should know how to do sql injection filtering.

There are many SQL injection bypass techniques, specific bypass techniques need to look at the specific environment, and many bypass methods need to have a real environment, preferably the environment you encounter in the process of penetration testing, otherwise it is obviously unreliable if it is only in your own imagination.

First, bypass the quotation marks

Where quotation marks are used is in the last where clause. Such as the following sql statement, this statement is a simple statement to check and select all the fields in the users table.

Select column_name from information_schema.tables where table_name= "users"

If the quotation marks are filtered at this point, the above where clause cannot be used. So if you encounter such a problem, you have to use hexadecimal to deal with this problem.

Users's hexadecimal string is 7573657273. Then the final sql statement becomes:

Select column_name from information_schema.tables where table_name=0x7573657273

Summary: use hexadecimal to bypass quotation marks

Second, comma bypass

When using blind injection, you need to use substr (), mid (), limit. These clause methods all need to use commas. The two methods substr () and mid () can be solved using from to.

Select substr (database (0 from 1 for 1); select mid (database (0 from 1 for 1))

For limit, you can use offset to bypass.

Select * from news limit 0 is equivalent to the following SQL statement select * from news limit 1 offset 0

Summary: use from to bypass commas

3. Bypass the comparison character ()

Also when using blind injection, when using binary search, you need to use the comparison operator to find. If you can't use the comparison operator, you need to use greatest to bypass it.

The most common blind sql statement.

Select * from users where id=1 and ascii (substr (database (), 0meme 1)) > 64

At this point, if the comparison operator is filtered and the above blind note statement cannot be used, you can use greatest instead of the comparison operator. The greatest function returns the maximum value of the input parameters (N1, n2, etc.).

Then the above sql statement can be changed to the following clause using greatest:

Select * from users where id=1 and greatest (ascii (substr (database (), 0Pol 1)), 64) = 64

Summary: use greatest () to bypass the comparison operator.

Thank you for reading this article carefully. I hope the article "sample Analysis of SQL injection Bypass" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.