I used to study SQL courses, so this should not have been a problem. With good RP, I got a website with SA permission a few days ago.
It was easy to take the server, but on the second day the administrator showed up,
figured out what the backdoor was, installed a firewall, and added an anti-injection system to the program -.-
Tools were useless! I could only work manually. Unfortunately, I had forgotten all the SQL statements,
so I had to honestly review the material. There are still many methods to bypass the anti-injection system, but today I will only cover the replacement of these statements.
(How to determine an injection vulnerability: construct a logic expression, submit it, and judge from the returned content whether it evaluated to true or false.)
First, let's look at and, the most common operator, and use it to test a vulnerable page. Consider the following example:
Direct access, normal result: http://www.xxxxxx.com/show_news?id=10
Test the page with and 1=1: http://www.xxxxxx.com/show_news?id=10 and 1=1
The first request returns a normal page (if it did not, there would be nothing to test). The second, with and 1=1 appended, returns the same normal page.
This needs no explanation: and 1=1 is always true, so of course the normal page is returned. Continue with the third
test and access http://www.xxxxxx.com/show_news?id=10 and 1=2. If another page is returned or
an error occurs, the injection vulnerability exists.
The or operator can be used instead of and when the anti-injection system filters and. The detection rules for or are the opposite of those for and,
to borrow the classic saying "false is true or false". When using and to guess tables and columns, a normal page returned means the guessed item exists; otherwise
it does not exist. The opposite is true if or is used. If an error is returned during a guess, the guessed item does not exist.
It is just as easy to detect injection vulnerabilities with or. The following examples apply the rules above:
http://www.xxxxxx.com/show_news?id=10 returns the normal result
http://www.xxxxxx.com/show_news?id=10 or 1=1 returns another page or an error
http://www.xxxxxx.com/show_news?id=10 or 1=2 returns the same normal page
The requests above can be used to determine whether the page has an injection vulnerability. In this case, or can replace and to inject the page, and
the guessing work comes next. For example, the following statement is used to guess whether the table admin exists:
http://www.xxxxxx.com/show_news?id=10 or select * from admin
Other syntaxes are similar. You only need to modify the relevant statements.
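
Seen from the defender's side, the and/or substitution above shows why a keyword filter does not fix the underlying flaw. The following is an added example, not code from the original post: it uses Python's sqlite3 with constructed data, and the table layout, the and-only filter and the function names are assumptions. It runs the post's five test values against a concatenated query behind that filter and against a validated, parameterized query.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data standing in for the table behind show_news?id=10."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(10, "article ten"), (11, "article eleven")])
    return db

# Hypothetical keyword filter of the kind the post describes: it blocks "and" only.
BLOCKLIST = re.compile(r"\band\b", re.IGNORECASE)

def show_news_filtered(db, raw_id):
    """Weak form: keyword blocklist, then the value is concatenated into the SQL."""
    if BLOCKLIST.search(raw_id):
        return "blocked"
    sql = "SELECT title FROM news WHERE id = " + raw_id + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def show_news_hardened(db, raw_id):
    """Hardened form: the id must be a plain integer and is passed as a bound parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return "rejected"
    rows = db.execute("SELECT title FROM news WHERE id = ? ORDER BY id", (int(raw_id),))
    return [row[0] for row in rows]

def compare(db):
    """Run the post's test values through both handlers and collect the results."""
    probes = ["10", "10 and 1=1", "10 and 1=2", "10 or 1=1", "10 or 1=2"]
    return {p: (show_news_filtered(db, p), show_news_hardened(db, p)) for p in probes}

if __name__ == "__main__":
    for probe, (weak, strong) in compare(make_db()).items():
        print(f"{probe!r:14} filtered={weak!r:40} hardened={strong!r}")
```

The filter stops both and values, yet the or values still reach the query and change what it returns, while the hardened handler never lets the input become part of the SQL text.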