Common techniques for bypassing filters
1) Double writing
2) Encoding
3) Mixed case
4) Function substitution
5) Comments
Bypasses for specific scenarios
The following records bypasses for some specific detection scenarios.
0x00 Spaces are filtered
Whitespace is the delimiter in SQL statements, so it is essential for a statement to be parsed correctly.
If spaces are filtered and the encoded form (%20) does not get through either, the only option is a replacement. Some alternatives are listed below:
1) Tab (%09, %0b)
2) Line feed (%0a)
3) Form feed (%0c)
4) Carriage return (%0d)
5) Parentheses
6) Quotation marks
7) Backticks
0x01 Commas are filtered
During injection, commas are mainly used in truncation functions and in limit.
1) Truncation function
substr(database() from 1 for 1)
E.g.: select substr(user from 2 for 1) from users where user_id=1 limit 0, 1;
Description: start at position 2 and extract a string of length 1.
2) limit
Use offset
E.g.: select * from users where user_id=1 limit 1 offset 0;
Description: get 1 row starting from offset 0.
3) Join
We can put each value in its own single-column derived table and then use join to combine them.
E.g.: union select 1,2,3,4,5
becomes: union select * from ((select 1)a join (select 2)b join (select 3)c join (select 4)d join (select 5)e)
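For a defender, the whitespace replacements in 0x00 and the comma-free forms in 0x01 mean that a filter has to canonicalize each parameter before it matches any keyword. The sketch below is an added example, not code from the original page; the function names, rule names and sample values are constructed for illustration.

```python
import re
from urllib.parse import unquote

def normalize(value: str) -> str:
    """Canonicalize one request parameter before any keyword matching."""
    for _ in range(3):                      # undo single and double URL-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)  # inline comments act as spaces
    value = re.sub(r"([()])", r" \1 ", value)             # parentheses separate tokens
    value = value.replace("`", " ")                       # so do backticks
    # \s covers space, tab (%09), LF (%0a), VT (%0b), FF (%0c) and CR (%0d)
    return re.sub(r"\s+", " ", value).strip().lower()

# Rules for the comma-free forms in section 0x01, written against normalized text.
RULES = {
    "union_select": re.compile(r"\bunion (?:all )?select\b"),
    "substr_from_for": re.compile(r"\bsubstr(?:ing)? \( .*?\bfrom\b.*?\bfor\b"),
    "limit_offset": re.compile(r"\blimit \d+ offset \d+\b"),
    "join_of_selects": re.compile(r"\( select [^()]*\) (?:\w+ )?join \( select\b"),
}

def detect(value: str) -> list[str]:
    """Return the sorted names of the rules that fire on one parameter value."""
    text = normalize(value)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

# Constructed sample parameter values (not captured traffic).
SAMPLES = [
    "1%09UnIoN%0aSeLeCt%0c1",                              # mixed case + alternative whitespace
    "1%2509union%250dselect%25201",                        # the same, double-encoded
    "substr(database()%0bfrom%0d1%0afor%0c1)",             # comma-free substr
    "1 limit 1 offset 0",                                  # comma-free limit
    "union select * from ((select 1)a join (select 2)b)",  # comma-free column list
    "a tab-separated\tvalue from a form for review",       # benign text
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:58} -> {detect(sample)}")
```

Matching of this kind is only a detection aid. Parameterized queries are what keep the parameter from being parsed as SQL in the first place.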
(not to be continued)
SQL Injection Bypass Tips