SQL injection

union:

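concat: a UNION across two tables requires both SELECTs to return the same number of columns. When you still want to retrieve more fields than that allows, use concat() to join several queried fields into one combined column.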


mysql> select id,username,score from users union select concat(user_id,0x232323,user,0x232323,last_name),1,2 from dvwa.users;
+---------------------+------------+-------+
| id                  | username   | score |
+---------------------+------------+-------+
| 3                   | thonsun    |   110 |
| 4                   | tang       |     0 |
| 5                   | tang1      |    20 |
| 6                   | tang2      |   100 |
| 7                   | tang3      |    60 |
| 8                   | tangsheng  |     0 |
| 9                   | 123456     |     0 |
| 10                  | 123456     |     0 |
| 11                  | 1234564    |     0 |
| 12                  | 123456     |     0 |
| 13                  | 123456     |     0 |
| 14                  | tang123    |     0 |
| 15                  | thonsun1   |     0 |
| 16                  | thonsun123 |     0 |
| 17                  | thonsun12  |     0 |
| 18                  | admin      |    10 |
| 1###admin###admin   | 1          |     2 |
| 2###gordonb###Brown | 1          |     2 |
| 3###1337###Me       | 1          |     2 |
| 4###pablo###Picasso | 1          |     2 |
| 5###smithy###Smith  | 1          |     2 |
+---------------------+------------+-------+
21 rows in set (0.00 sec)

concat_ws:

group_concat:

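SQL byte-stream encoding: what is actually executed after an encoding bypass

Generating numbers from hexadecimal characters

Applying character encoding in Python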

mysql> select unhex('73656c656374202a2066726f6d2075736572733b');
+---------------------------------------------------+
| unhex('73656c656374202a2066726f6d2075736572733b') |
+---------------------------------------------------+
| select * from users;                              |
+---------------------------------------------------+
1 row in set (0.03 sec)

mysql> select 0x73656c656374202a2066726f6d2075736572733b;
+--------------------------------------------+
| 0x73656c656374202a2066726f6d2075736572733b |
+--------------------------------------------+
| select * from users;                       |
+--------------------------------------------+
1 row in set (0.00 sec)

mysql> select 73656c656374202a2066726f6d2075736572733b;
ERROR 1054 (42S22): Unknown column '73656c656374202a2066726f6d2075736572733b' in 'field list'
mysql> select hex('hello world');
+------------------------+
| hex('hello world')     |
+------------------------+
| 68656C6C6F20776F726C64 |
+------------------------+
1 row in set (0.05 sec)

# Base conversion in Python
>>> bin(int('0x1e1e1e1e0f0f0f0f',16))
'0b1111000011110000111100001111000001111000011110000111100001111'
>>> bin(int('0x1e1e',16))
'0b1111000011110'
>>>

SQL injection defenses

Hex-encode the input and decode it with unhex(), so it becomes one complete string

MySQL prepared statements
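
The two defenses listed above, set beside a string-concatenated query, as an added example (not code from the original post). Assumptions: Python's sqlite3 stands in for MySQL so it runs offline, SQLite's X'..' hex literal stands in for unhex(), and the rows and the input string are constructed to mirror the union/concat session earlier on the page.

```python
import sqlite3

def make_db():
    """Constructed sample data shaped like users and dvwa.users in the session above."""
    db = sqlite3.connect(":memory:")
    db.execute("ATTACH DATABASE ':memory:' AS dvwa")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, score INTEGER)")
    db.execute("CREATE TABLE dvwa.users (user_id INTEGER, user TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?,?,?)",
                   [(3, "thonsun", 110), (18, "admin", 10)])
    db.executemany("INSERT INTO dvwa.users VALUES (?,?,?)",
                   [(1, "admin", "admin"), (2, "gordonb", "Brown")])
    return db

def lookup_concat(db, name):
    # Vulnerable: the input is spliced into the SQL text and parsed as SQL.
    sql = "SELECT id, username, score FROM users WHERE username = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_hex(db, name):
    # Hex defense: only [0-9a-f] reaches the SQL text, so no quote can close
    # the literal; the decoded value is one complete string.
    h = name.encode("utf-8").hex()
    sql = ("SELECT id, username, score FROM users "
           "WHERE username = CAST(X'" + h + "' AS TEXT)")
    return db.execute(sql).fetchall()

def lookup_prepared(db, name):
    # Prepared statement: the SQL is compiled first, the value is bound afterwards.
    sql = "SELECT id, username, score FROM users WHERE username = ?"
    return db.execute(sql, (name,)).fetchall()

# Constructed input modelled on the union/concat query shown earlier on the page.
PAYLOAD = ("x' UNION SELECT user_id || '###' || user || '###' || last_name, "
           "1, 2 FROM dvwa.users -- ")

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_hex, lookup_prepared):
        print(fn.__name__, fn(db, PAYLOAD))
```

Only the concatenated query returns rows from dvwa.users; the other two treat the whole input as a username that matches nothing.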

posted on 2018-10-30 12:25  thonsun