An easy-to-ignore technique-MySQL bypasses anti-Injection

By Ay shadow
 

This method should also be known to many people, but no one has written it and secretly told you this.
The method can bypass many web firewalls, so I don't know if I can bypass them now, haha. However, the limitation of this method is that it is only applicable to MYSQL, and does not seem to be supported by other databases. Transfer subject:
First, let's take a look at the official MySQL documentation.
Html> http://dev.mysql.com/doc/refman/5.1/en/comments.html

You have read the details above. Below I will discuss some key parts:
/*! MySQL-specific code */
I,

In this case, MySQL Server parses and executes the code within the comment as it wowould any other SQL statement, but other SQL servers will ignore the extensions. for example, MySQL Server recognizes theSTRAIGHT_JOIN keyword in the following statement,
Other servers will not:
SELECT /*! STRAIGHT_JOIN */col1 FROM table1, table2 WHERE...
II,

If you add a version number after the "!" Character, the syntax within the comment is executed only if the MySQL version is greater than or equal to the specified version number. The TEMPORARY keyword in the following comment is executed only by servers
From MySQL 3.23.02 or higher:
CREATE /*! 32302 TEMPORARY */TABLE t (a INT );

The comment syntax just described applies to how the mysqld server parses SQL statements. the mysql client program also performs some parsing of statements before sending them to the server. (It does this to determine statement boundaries within a multiple-statement input line .)
Comments in this format ,/*! 12345 .. */, are not stored on the server. If this format is used to comment stored routines, the comments will not be retained on the server.
The use of short-form mysql commands such as C within multi-line /*...

*/Comments is not supported.

 

The first part mainly refers to /*! SQL statement */in this format, the SQL
The statement will be parsed like a normal statement,
 
 

We can see that the where id = 1 is parsed by mysql.

Part 2 :/*! 12345 SQL statement */
Translation: If! Followed by a string of numbers (these numbers are the version number of the mysql database). if the version number of the current database is greater than or equal to this number, the SQL statement is executed. Otherwise, the SQL statement is not executed,

 


Mysql I use is 5.1.57. When I use the version 50157, the where statement is executed.
 
When the number is greater than the version number I used, the where statement will not be executed... Xi, cut another figure:

 

Then, how to fill in other characters to bypass the firewall depends on your imagination.