Background-7 Wide byte injection
Less-32, 33, 34, 35, 36 and 37: all six levels are about filters on ' and \, so we discuss them together.
Readers who already know wide-byte injection should be familiar with the bypass methods used in these levels. Here we introduce the principle and basic usage of wide-byte injection.
Principle: When MySQL uses GBK encoding, it treats two bytes as one Chinese character. For example, %AA%5C is one Chinese character (the first byte's value must be greater than 128 to fall within the Chinese character range). When filtering ', the usual approach is to convert ' into \' (the conversion function or approach is introduced at each level).
Therefore, we need a way to get rid of the \ that is added in front of the '. There are two general ideas:
- %DF eats the \. The specific reason is that urlencode(\') = %5c%27. We add %DF in front of %5c%27 to form %df%5c%27. As mentioned above, MySQL under GBK encoding treats two bytes as one Chinese character, so at this point %df%5c is one Chinese character and %27 is left outside as a separate symbol, which achieves our goal.
- Filter out the \ in \'. For example, %**%5c%5c%27 can be constructed, and the later %5c is cancelled out by the %5c before it. This is also a bypass method.
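The first idea, modelled as an added example (not code from the original page): a simplified byte-wise escaper, a check that counts quotes still able to end a string literal once the escaped bytes are decoded in the connection character set, and a charset-aware variant. The function names and the sample input are assumptions constructed for illustration.

```python
# Added example: simplified model of byte-wise escaping vs. a GBK connection.
BACKSLASH, QUOTE = 0x5C, 0x27

def escape_bytewise(raw: bytes) -> bytes:
    """Put 0x5C before ' and \\ one byte at a time, ignoring the charset
    (the filter idea the page describes, simplified)."""
    out = bytearray()
    for b in raw:
        if b in (QUOTE, BACKSLASH):
            out.append(BACKSLASH)
        out.append(b)
    return bytes(out)

def live_quotes(data: bytes, charset: str) -> int:
    """Count quotes that would still end a string literal once the server
    decodes `data` in `charset` and applies backslash escapes."""
    text = data.decode(charset, errors="replace")
    live = i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2              # a backslash consumes the character after it
            continue
        live += text[i] == "'"
        i += 1
    return live

def escape_charset_aware(raw: bytes, charset: str):
    """Hardened variant: decode strictly first, then escape whole characters.
    Returns None for input that is not valid in the connection charset."""
    try:
        text = raw.decode(charset)
    except UnicodeDecodeError:
        return None
    return text.replace("\\", "\\\\").replace("'", "\\'").encode(charset)

if __name__ == "__main__":
    sample = b"1\xdf'"          # constructed input: the page's %df followed by %27
    escaped = escape_bytewise(sample)            # bytes 31 DF 5C 27
    print(live_quotes(escaped, "latin-1"))       # single-byte view: quote is escaped
    print(live_quotes(escaped, "gbk"))           # GBK view: 0xDF 0x5C is one character
    print(escape_charset_aware(sample, "gbk"))   # malformed GBK input is rejected
```

In a real application the equivalent fix is to use parameterized queries, or to set the connection character set through the driver API so that its escaping routine knows which encoding the server will decode.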
MySQL Injection Heavenly Book: wide-byte injection