Several Methods to bypass anti-Injection

1. Use the encoding technology to bypass

Such as urlencode and ASCII code bypass. For example, if or 1 = 1, % 6f % 72% 20% 31% 3D % 31, and test can also be char (101) + char (97) + char (115) + char (116 ).

2. Bypass with spaces

For example, if two spaces replace one space, use tab instead of space, or delete all spaces, such
Or swords = 'swords. Due to the loose nature of MSSQL, we can remove spaces between or swords without affecting the operation.

3. Use string judgment instead

Use the classic or 1 = 1 judgment bypass, such as or swords = swords. This method is discussed online.

4. Bypass by type conversion modifier N

It can be said that this is a good idea. In addition to bypassing the restrictions to some extent, it also has other functions. Let's think about it. For exploitation, such as or swords = n swords, the capital N tells MSSQL Server that the string is used as the nvarchar type, which plays the role of type conversion and does not affect the injection statement itself, however, the knowledge-based pattern matching IDs can be avoided.

5. disassemble the string by the plus sign to bypass

The results are worthy of research, but after all, they are a method. For example, or swords = 'sw + ords; Exec ('in + Sert into + ..... )

6. bypass through like

Why didn't you think of it before? Such as orswords like SW !!! Obviously, you can easily bypass the "=" ">" restriction ......

7. bypass through in

Similar to the above like idea, such as or swords in (Swords)

8. bypass through

For example, or swords between RW and TW

9. Pass> or <Bypass
Or swords> SW
Or swords <TW
Or 1 <3
......

10. Use the comment statement to bypass

Use/**/instead of space, such as Union/**/select/**/user, PWD, from tbluser
Use/**/to separate sensitive words, such as: U/**/nion/**/SE/**/lect/**/user, PWD from tbluser

11. Bypass with hex. Generally, IDS cannot be detected.
0x730079007300610064006d0069006e00 = hex (SysAdmin)
0x640062005f006f0077006e0065007200 = hex (db_owner)

12. case-insensitive swapping

Select can be written as select
Union can be written as union.

13. Multiple encoding combinations Bypass

Commonly used include base64, ASC, SQL, Hex, and URL encoding.

14. Bypass Using transit tools

You can use the transit tool of the hedgehog to bypass

15. Bypass with special character Filling

These special characters are interpreted as spaces in the same way as bypassing through spaces. They are generally used to bypass third-party firewall software.

16. Change attack methods

If the get submission cannot be bypassed, you can try to change the attack method. For example, post injection, searching for sub-sites, and nearby sites ...... If you have any questions, please feel free to contact me at qq814360954. I am happy to share with you the hacker technology.