Shulou(Shulou.com)05/31 Report--

This article mainly shows you "what is wide-byte injection in SQL injection", which is easy to understand and well-organized. I hope it can help you solve your doubts. Let me lead you to study and learn "what is wide-byte injection in SQL injection".

Wide byte injection: a bypass method that belongs to SQL injection

First, the concept of wide bytes:

1. Single-byte character set: all characters are represented by one byte, such as ASCII encoding (0-127).

2. Multi-byte character set: in a multi-byte character set, one part of the byte is represented by multiple bytes and the other part (maybe not) is represented by a single byte.

3. UTF-8 coding: it is a coding method (multi-byte coding). It can use 1 to 4 bytes to represent a symbol and vary the byte length according to different symbols.

4. Common wide bytes: GB2312, GBK, GB18030, BIG5, Shift_JIS GB2312 do not have wide byte injection, so you can collect encodings with wide byte injection.

5. A feature of mysql is used in wide byte injection. When GBK coding is used, two characters are considered to be one Chinese character.

Second, addslashes () function

1. The addslashes () function returns a string that adds a backslash before a predefined character.

2. Predefined characters: single quotation mark ('), double quote ("), backslash (\), NULL

3. Examples

Https://xxxxx?name=hello%27

The single quotation mark entered has been escaped, and there is no way to escape.

Then I looked through the source code and the request header of the next page, and found that the client code was gbk.

Try to enter the hello%df%27,console error prompt that the quotation marks are not closed, followed by the constructed js code, and comment out the following characters to make the syntax correct

III. Actual combat in the shooting range

1. First, open the page, see the maintenance information, and click in to see it with the id parameter, because the title means wide byte injection.

two。 Enter the wide byte injection classic bypass method directly:% df', to see the error page

3. Modify id parameters directly in SQLmap for routine detection

4. The password is encrypted by MD5. After decryption, you can get the login password, and log in to get KEY.

The above is all the content of the article "what is wide byte injection in SQL injection". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.