[SQL injection] extended injection method
2022-07-27 01:35:00 【Atzxc red blue confrontation】
1. Wide-byte injection
Wide-byte injection is not really a separate injection method but a special case. Its purpose is to get around the escaping of single and double quotation marks. sqli-labs level 32 is used as the example.
Analysis:
On this page, the characters we enter are shown in encoded form.
The encoding is the hexadecimal form of each character's numeric code.
When we test for an injection point, the application escapes our single quotation mark with a backslash (\),
and the result is then encoded by the application.

Solution:
Because the input is handled as hexadecimal-encoded bytes, we can inject by "eating the backslash":
that is, put one extra encoded byte into the value so that it combines with the backslash into a garbled character.

Once the quotation mark closes the string, the following statement is found to execute:
https://192.168.79.147/sqli-labs/Less-32/?id=1%81' and 1=2 union select 1,version(),database() --+
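Why the extra byte defeats backslash escaping, shown as an added Python example that is not from the original post. It assumes the application escapes byte by byte (in the manner of PHP's addslashes) and that the database connection reads the bytes as GBK, which the page does not state; the function names and sample input are constructed.

```python
# Added illustration (not the post's code). Assumptions: byte-wise escaping
# and a GBK connection charset. Sample input is constructed.

def addslashes(raw: bytes) -> bytes:
    """Byte-wise escaping: prefix ', ", backslash and NUL with a backslash."""
    out = bytearray()
    for b in raw:
        if b in b"'\"\\\x00":
            out.append(0x5C)          # 0x5C is the backslash byte
        out.append(b)
    return bytes(out)


def live_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes that still act as string delimiters when the
    escaped bytes are read in the given connection charset."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":           # a backslash neutralises the next char
            i += 2
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count


def safe_id(raw: bytes) -> int:
    """Stricter handling for a numeric id: ASCII digits only, then bind it
    as a query parameter instead of pasting it into the SQL string."""
    if not raw.isdigit() or len(raw) > 10:
        raise ValueError("id must be a short decimal number")
    return int(raw)


if __name__ == "__main__":
    sample = b"1\x81'"                # the id prefix from the URL above
    escaped = addslashes(sample)      # bytes 31 81 5c 27
    # In GBK, 0x81 0x5c is one two-byte character, so the quote is left bare.
    print("gbk    :", live_quotes(escaped, "gbk"))
    # In a single-byte charset the backslash survives and the quote is escaped.
    print("latin-1:", live_quotes(escaped, "latin-1"))
```

The escaping is only sound when the escaper and the database agree on the character set, which is why bound parameters and strict typing of `id` are the dependable fix.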
2. Cookie injection
The injection point is in the Cookie data. sqli-labs level 20 is used as the example.
Capture the request with Burp Suite. An error is returned, and the parameter we entered appears in the error message, so we can conclude that this is string-type injection closed with a single quotation mark.

An echo point is found, so a union query is used.

The data can now be queried.

3. Base64 injection

The value has to be Base64-encoded: encode the Cookie value in Base64 and then send it.

Testing for injection shows that a double quotation mark produces an error message, and that this is string-type injection.
A union query statement finds the echo point.
The information can now be queried.

Encoding process
Success
4. User-Agent injection
Level 18


5. Referer injection
The page information shows that this is Referer injection.

We can see that it is a string that has to be closed with matching quotation marks.

Because an error message is returned, error-based injection can be used.
Referer: atzxc' and updatexml(1,concat(0x5e,(select version()),0x5e),1) and '1
This returns the database information.
