Summary of MySQL injection bypass filtering techniques

First, let’s look at the GIF operation:

Case 1: Spaces are filtered

Use brackets () instead of spaces. Any statement that can calculate a result can be surrounded by brackets.

select * from(users)where id=1;

Use comments /**/ to bypass spaces;

select * from/**/users/**/where id=1;

Case 2: Limit from and certain character combinations

Add a dot after "from". That is, use "from." instead of "from".

select * from.users where id=1;

Then watch the GIF directly:

To put it simply, it means replacing the ' field name ' with hex ;

This reminds me of when I started learning SQL injection, I used load_file or into outfile , and often used hex to encode a sentence and then import it;

The single/double quotes are indeed omitted here, which is foolproof (we won’t mention magic_quotes_gpc() );

But at that time I was only concerned with the results. Today, when I was sorting out the previous data, I found this problem, but I was confused and didn't know why it was coded like this. Let's do it in practice:

You can clearly see the error message. The first single quote after select and the single quote before cmd in the sentence Trojan horse close the following statement and cause an error message.

Then convert it to hex , remove the quotation marks, and find that it can be written;

My machine doesn't give him permission here, so it will prompt that he can't write. It depends on the actual situation.

Summarize

The above is the full content of this article. I hope that the content of this article can be of some help to your study or work. If you have any questions, you can leave a message to communicate.