Summary of SQL Injection bypass techniques, SQL Injection Bypass

Source: Internet
Author: User

Preface

SQL injection was once a very common vulnerability. As security practices improved it became rarer, yet many websites are still running with SQL injection flaws today. Anyone with a little security awareness should understand how SQL injection filtering works, and where it falls short.

There are many SQL injection bypass techniques, and which one applies depends on the specific environment. Many of them can only be worked out against a real target, so it is best to study them in the environments you meet during penetration testing; reasoning about them out of thin air is unreliable. This article summarizes the bypass techniques I have used in CTF challenges and during penetration tests. It will keep growing as my knowledge and skills do, and more methods will be added.

I. Quotation Mark Bypass

Quotation marks appear in the final WHERE clause. The following SQL statement is a simple query that lists the columns of the users table.

select column_name from information_schema.columns where table_name="users"

If quotation marks are filtered out, the WHERE clause above can no longer be written that way. MySQL, however, accepts a hexadecimal literal where a string is expected: the hexadecimal encoding of the string users is 7573657273, so the final SQL statement becomes:

select column_name from information_schema.columns where table_name=0x7573657273

Conclusion: quotation marks can be bypassed with hexadecimal literals.

II. Comma Bypass

Blind injection relies on substr(), mid() and limit, and each of these is normally written with commas (,). For substr() and mid(), the comma-free "from ... for" syntax can be used instead:

select substr(database() from 1 for 1);
select mid(database() from 1 for 1);

For limit, the comma can be avoided by using offset.

select * from news limit 0, 1
# is equivalent to the following SQL statement
select * from news limit 1 offset 0

Conclusion: using "from ... for" (and offset for limit) can bypass commas.

III. Comparison Operator (<, >) Bypass

Similarly, blind injection needs comparison operators for its binary search. If the comparison operators cannot be used, greatest() can take their place.

The most common blind injection statement (note that MySQL substr() positions start at 1):

select * from users where id=1 and ascii(substr(database(),1,1))>64

If the comparison operator is filtered out, the blind injection statement above cannot be used, and greatest() can replace the operator. greatest(n1, n2, n3, ...) returns the largest of its input parameters, so greatest(x, 64)=64 holds exactly when x is at most 64.

The preceding SQL statement can then be rewritten with greatest() as follows:

select * from users where id=1 and greatest(ascii(substr(database(),1,1)),64)=64

Conclusion: use greatest() to bypass the comparison operator.
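The three sections above share one lesson from the defender's side: a filter that only strips quotes, commas or comparison operators leaves these rewrites untouched, so such payloads need to be caught by review or alerting rather than by a character blacklist. The following Python script is an added example, not part of the original article, that shows a naive blacklist letting the article's own payload shapes through while a small signature table flags them for review. The sample parameter values, the blacklist and the signature names are constructed for the demo.

```python
import re

# Constructed sample values of a request parameter (e.g. ?id=...), as a WAF,
# proxy log or query log would show them. They are built for this example
# from the payload shapes in the article; none come from a real site.
SAMPLES = [
    "1",
    "1 and ascii(substr(database(),1,1))>64",
    "1 and greatest(ascii(substr(database(),1,1)),64)=64",
    "1 and ascii(substr(database() from 1 for 1))=117",
    "1 and (select 1 from information_schema.columns"
    " where table_name=0x7573657273 limit 1 offset 0)",
]

# A naive character blacklist of the kind the article defeats: it rejects
# quotes and comparison operators and nothing else (assumed filter, for demo).
BLOCKED_CHARS = set("'\"<>")

# Signatures for the quote-free, comma-free and operator-free rewrites the
# article describes. They are meant for review and alerting, not as a filter.
BYPASS_SIGNATURES = {
    "hex-string-literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
    "substr-from-for": re.compile(
        r"\b(substr|substring|mid)\s*\(.*?\bfrom\b.*?\bfor\b", re.I),
    "limit-offset": re.compile(r"\blimit\s+\d+\s+offset\s+\d+", re.I),
    "greatest-compare": re.compile(r"\bgreatest\s*\(", re.I),
}


def naive_blacklist_allows(value: str) -> bool:
    """True when the character blacklist would let the value through."""
    return not any(ch in BLOCKED_CHARS for ch in value)


def classify(value: str) -> list:
    """Names of the bypass signatures present in the value, in table order."""
    return [name for name, rx in BYPASS_SIGNATURES.items() if rx.search(value)]


def review(values) -> list:
    """One record per value; 'suspicious' marks values the blacklist would
    accept but that carry a known bypass signature."""
    records = []
    for v in values:
        allowed = naive_blacklist_allows(v)
        sigs = classify(v)
        records.append({
            "value": v,
            "blacklist_allows": allowed,
            "signatures": sigs,
            "suspicious": allowed and bool(sigs),
        })
    return records


if __name__ == "__main__":
    for rec in review(SAMPLES):
        flag = "ALERT" if rec["suspicious"] else "ok   "
        print(f"{flag} allowed={rec['blacklist_allows']!s:5} "
              f"{','.join(rec['signatures']) or '-':40} {rec['value']}")
```

Only the plain ">" payload is stopped by the blacklist; the hex, "from ... for", offset and greatest() variants all pass it and are caught only by the signature table, which is why signatures like these belong in monitoring and not in the input filter itself.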

Summary

That is all for these SQL injection bypass techniques. I hope this article helps you in your study or work. If you have any questions, please leave a message, and thank you for your support.
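None of the bypasses in this article work against a query that never concatenates the client's value into SQL, which is the mitigation the three sections point to. The following Python script is an added example, not code from the original article, that contrasts string concatenation with a bound parameter using the standard library's sqlite3 module. It rewrites the article's greatest()/ascii() predicate in SQLite's dialect (scalar max() and unicode()) so it runs offline; the table, its rows and the payload string are constructed for the demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory demo database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (id integer primary key, name text)")
    conn.executemany("insert into users values (?, ?)",
                     [(1, "alice"), (2, "bob")])
    conn.commit()
    return conn


# The article's greatest()/ascii() predicate in SQLite's dialect: SQLite's
# scalar max() stands in for MySQL greatest() and unicode() for ascii().
# Constructed for this demo; sqlite_version() starts with "3", so the
# predicate is always true.
PAYLOAD = "1 and max(unicode(substr(sqlite_version(),1,1)),64)=64"


def lookup_unsafe(conn, user_id: str):
    """String concatenation: whatever the client sends becomes SQL."""
    sql = f"select name from users where id={user_id}"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_safe(conn, user_id: str):
    """Bound parameter: the value is data and is never parsed as SQL. A value
    that is not a well-formed integer simply matches no row."""
    row = conn.execute("select name from users where id=?",
                       (user_id,)).fetchone()
    return row[0] if row else None


def parse_id(user_id: str) -> int:
    """Extra layer: allowlist the input shape (an integer) before it reaches
    the query instead of blacklisting characters. Raises ValueError otherwise."""
    return int(user_id)


if __name__ == "__main__":
    db = make_db()
    print("unsafe, id=1       ->", lookup_unsafe(db, "1"))
    print("unsafe, payload    ->", lookup_unsafe(db, PAYLOAD))
    print("safe,   id=1       ->", lookup_safe(db, "1"))
    print("safe,   payload    ->", lookup_safe(db, PAYLOAD))
```

The concatenated query returns the id=1 row for the payload because the appended predicate is executed as SQL, while the parameterized query returns nothing because the whole string is compared against the id column as a single value. Parameter binding is what removes the injection; parse_id() is an additional input-shape check, not a replacement for it.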
