本文记录一些MySQL注入一些等价函数
过滤 = 等号
REGEXP =>
MariaDB [test]> select `req.host` from flow where id = 581 AND 1 REGEXP 1;
+---------------------------+
| req.host |
+---------------------------+
| init-p01st.push.apple.com |
+---------------------------+
1 row in set (0.00 sec)
MariaDB [test]> select `req.host` from flow where id = 581 AND 1 REGEXP 2;
Empty set (0.00 sec)
MariaDB [test]> select `req.host` from flow where id = 581 AND 0xef LIKE 0xef;
+---------------------------+
| req.host |
+---------------------------+
| init-p01st.push.apple.com |
+---------------------------+
1 row in set (0.00 sec)
MariaDB [test]> select `req.host` from flow where id = 581 AND 0xef LIKE 0xea;
Empty set (0.00 sec)
过滤 LENGTH()
CHAR_LENGTH => OCTET_LENGTH() => CHARACTER_LENGTH() =>
MariaDB [test]> select char_length('s');
+------------------+
| char_length('s') |
+------------------+
| 1 |
+------------------+
1 row in set (0.00 sec)
MariaDB [test]> select char_length('admin');
+----------------------+
| char_length('admin') |
+----------------------+
| 5 |
+----------------------+
1 row in set (0.00 sec)