Overview
When and is filtered, && can be used in its place.
mysql> select * from fristtb where id= 1 and sex=0x01;
+----+------------+---------------------+
| id | sex | birthday |
+----+------------+---------------------+
| 1 | 0x01 | 2001-01-20 00:00:00 |
+----+------------+---------------------+
1 row in set (0.00 sec)
mysql> select * from fristtb where id= 1 && sex=0x01;
+----+------------+---------------------+
| id | sex | birthday |
+----+------------+---------------------+
| 1 | 0x01 | 2001-01-20 00:00:00 |
+----+------------+---------------------+
1 row in set, 1 warning (0.00 sec)
When or is filtered, || can be used in its place.
mysql> select * from fristtb where id= 1 || sex=0x01;
+----+------------+---------------------+
| id | sex | birthday |
+----+------------+---------------------+
| 1 | 0x01 | 2001-01-20 00:00:00 |
| 2 | 0x01 | 2001-01-20 00:00:00 |
+----+------------+---------------------+
2 rows in set, 1 warning (0.00 sec)
mysql> select * from fristtb where id= 1 or sex=0x01;
+----+------------+---------------------+
| id | sex | birthday |
+----+------------+---------------------+
| 1 | 0x01 | 2001-01-20 00:00:00 |
| 2 | 0x01 | 2001-01-20 00:00:00 |
+----+------------+---------------------+
2 rows in set (0.00 sec)
If union is filtered, || can likewise be used to splice a subquery onto the condition.
mysql> select * from fristtb where id=1 || (select count(*) from fristtb)>0;
+----+------------+---------------------+
| id | sex | birthday |
+----+------------+---------------------+
| 1 | 0x01 | 2001-01-20 00:00:00 |
| 2 | 0x01 | 2001-01-20 00:00:00 |
| 3 | 0x00 | 2001-01-20 00:00:00 |
+----+------------+---------------------+
3 rows in set, 1 warning (0.00 sec)
When where is filtered, use limit instead.
mysql> select * from fristtb where id =1;
+----+------------+---------------------+
| id | sex | birthday |
+----+------------+---------------------+
| 1 | 0x01 | 2001-01-20 00:00:00 |
+----+------------+---------------------+
1 row in set (0.00 sec)
mysql> select * from fristtb limit 1,1;
+----+------------+---------------------+
| id | sex | birthday |
+----+------------+---------------------+
| 2 | 0x01 | 2001-01-20 00:00:00 |
+----+------------+---------------------+
1 row in set (0.00 sec)
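As you can see, the overall result is consistent with the where query.
limit takes two parameters: the first is the row offset and the second is the number of rows to return. The offset counts from 0, which is why limit 1,1 above returns the row with id 2.
When limit is filtered as well, group by can be used instead.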
mysql> select id,min(sex),min(birthday) from fristtb group by id having id =1;
+----+--------------------+---------------------+
| id | min(sex) | min(birthday) |
+----+--------------------+---------------------+
| 1 | 0x01 | 2001-01-20 00:00:00 |
+----+--------------------+---------------------+
1 row in set (0.00 sec)
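group by builds a virtual table; here the condition is to take the rows with id=1 from the fristtb table. min(sex) is evaluated inside that table: min operates on a list of values, not on a single value.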
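Why a keyword blacklist does not hold against the equivalent forms shown above, and what does: an added example, not part of the original post. The blacklist regex, the function names and the in-memory SQLite stand-in for the MySQL table are assumptions; the sample inputs are constructed from the WHERE clauses on this page.

```python
import re
import sqlite3

# Hypothetical keyword blacklist of the kind the rewrites on this page get past.
BLACKLIST = re.compile(r"\b(and|or|union|where|limit)\b", re.IGNORECASE)

# Constructed inputs for an `id` parameter: tails of the WHERE clauses shown above.
SAMPLES = [
    "1",
    "1 and sex=0x01",
    "1 && sex=0x01",
    "1 || sex=0x01",
    "1 || (select count(*) from fristtb)>0",
]

def blacklist_allows(value: str) -> bool:
    """True when the keyword filter finds nothing to block."""
    return BLACKLIST.search(value) is None

def is_valid_id(value: str) -> bool:
    """Allow-list check: the parameter must be 1 to 10 ASCII digits, nothing else."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None

def make_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in for the page's MySQL table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fristtb (id INTEGER, sex BLOB, birthday TEXT)")
    rows = [(1, b"\x01", "2001-01-20 00:00:00"),
            (2, b"\x01", "2001-01-20 00:00:00"),
            (3, b"\x00", "2001-01-20 00:00:00")]
    conn.executemany("INSERT INTO fristtb VALUES (?, ?, ?)", rows)
    return conn

def bound_lookup(conn: sqlite3.Connection, value: str) -> list:
    """Bound parameter: the value is compared as data and never parsed as SQL."""
    return conn.execute("SELECT id FROM fristtb WHERE id = ?", (value,)).fetchall()

def report() -> list:
    """(input, passes blacklist, passes allow-list, rows matched via binding)."""
    conn = make_db()
    return [(s, blacklist_allows(s), is_valid_id(s), len(bound_lookup(conn, s)))
            for s in SAMPLES]

if __name__ == "__main__":
    for row in report():
        print(row)
```

Only the literal and form is stopped by the blacklist; the allow-list rejects every non-numeric input, and the bound parameter matches no rows for them because the operators are never interpreted as SQL.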
Finally
That is everything 酷酷蜗牛 collected and organized on "SQL injection: how to bypass and, union, where, limit filters"; hopefully the article helps you solve the development problems you ran into on this topic.