Web applications generally use form-based authentication (as shown in the figure). The processing logic passes the user name and password submitted in the form to the back-end database in a query and decides whether authentication succeeds based on the query result. In web applications built on the LAMP architecture, PHP implements the processing logic and MySQL is the back-end database. Poor handling in this process can lead to many serious vulnerabilities. Apart from weak passwords and brute-force cracking, the most common one is SQL injection. SQL injection can be performed in

The focus of this blog is to use MySQL's implicit type conversion to bypass WAF detection. The following example shows the process.
<form id="form1" name="form1" method="post" action="login.php">
UserName
<input name="user" type="text" id="user"/>
Password
<input name="password" type="text" id="password"/>
<input name="login" type="submit" id="login" value="Login"/>
</form>
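An added example, not code from the original post: one way a handler for this form could check the `user` and `password` fields with a bound string parameter and a stored password hash, so the submitted values are never parsed as SQL or compared as numbers. The `users` table, its columns, the `authenticate` function and the in-memory SQLite database standing in for MySQL are assumptions made for the demo.

```php
<?php
// Added example: hardened handler for the form's "user" and "password" fields.
// Assumptions: table "users" with columns "username" and "password_hash";
// an in-memory SQLite database stands in for MySQL so the script runs offline.

function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]); // constructed account
    return $pdo;
}

function authenticate(PDO $pdo, $user, $password): bool {
    // Reject arrays (user[]=...) and other non-string input before it reaches SQL,
    // so the database never has to convert a value to match the column type.
    if (!is_string($user) || !is_string($password) || $user === '' || strlen($user) > 64) {
        return false;
    }
    // The value is bound as a string parameter; it is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->bindValue(':u', $user, PDO::PARAM_STR);
    $stmt->execute();
    $hash = $stmt->fetchColumn();
    // Compare against a stored hash in PHP rather than matching the password in SQL.
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = open_demo_db();
// Constructed inputs, as they would arrive in $_POST['user'] and $_POST['password'].
$cases = [
    ['alice', 'correct horse'],   // valid login
    ['alice', 'wrong'],           // wrong password
    ["o'brien", 'x'],             // quote in the name is plain data, not SQL
    ['0', 'correct horse'],       // numeric-looking name stays a string
    [['alice'], 'correct horse'], // array input is rejected
];
foreach ($cases as [$u, $p]) {
    printf("%-12s => %s\n", json_encode($u), authenticate($pdo, $u, $p) ? 'ok' : 'denied');
}
```

Against MySQL, use a `mysql:` DSN and set `PDO::ATTR_EMULATE_PREPARES` to `false` so that parameter binding is done by the server rather than emulated in the client.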
(2) login.php Authentication