Category: WooYun-Zone
Repost: mysql syntax bypass some WAF
A small tip, seen on Twitter:
In one line:
select{x table_name}from{x information_schema.tables}
Test:
mysql> select{x table_name}from{x information_schema.tables};
+----------------------------------------------------+
| table_name                                         |
+----------------------------------------------------+
| CHARACTER_SETS                                     |
| COLLATIONS                                         |
| COLLATION_CHARACTER_SET_APPLICABILITY              |
| COLUMNS                                            |
| COLUMN_PRIVILEGES                                  |
| ENGINES                                            |
..........
MySQL syntax select{x table_name}from{x information_schema.tables} sometimes is useful to bypass some WAF
— Sergey Bobrov (@Black2Fan) February 9, 2015
http://dev.mysql.com/doc/refman/5.6/en/date-and-time-literals.html#date-and-time-standard-sql-literals
http://dev.mysql.com/doc/refman/5.6/en/join.html#idm140714470997024
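From the defender's side, the brace form above defeats signatures that expect whitespace between keywords, so a filter has to unwrap it before matching. The following is an added example, not part of the original post: the rule, the function names and the sample strings are constructed for illustration.

```python
import re

# Constructed WAF-style signature: expects whitespace after SELECT and around FROM.
NAIVE_RULE = re.compile(r"\bselect\s+.+?\s+from\s+\S+", re.I | re.S)

# Brace form "{identifier expr}", as in the query on this page; MySQL uses expr alone.
BRACE_ESCAPE = re.compile(r"\{\s*[A-Za-z_][A-Za-z0-9_]*\s+([^{}]*)\}")


def normalize(sql: str) -> str:
    """Replace every {identifier expr} with ' expr ', innermost first."""
    previous = None
    while previous != sql:  # repeat so nested braces are unwrapped too
        previous = sql
        sql = BRACE_ESCAPE.sub(r" \1 ", sql)
    return sql


def naive_match(sql: str) -> bool:
    """Apply the signature to the raw input only."""
    return bool(NAIVE_RULE.search(sql))


def normalized_match(sql: str) -> bool:
    """Apply the same signature after unwrapping the brace form."""
    return bool(NAIVE_RULE.search(normalize(sql)))


# Constructed sample inputs: the query from this page, a plain query, non-SQL text.
SAMPLES = [
    "select{x table_name}from{x information_schema.tables}",
    "select id from users",
    "hello {x world}",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: naive={naive_match(sample)} "
              f"normalized={normalized_match(sample)}")
```

Signature matching stays dependent on how completely the filter models the SQL dialect; parameterized queries in the application remove the injection point regardless of syntax variants.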