Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Web5: SQL injection - Some techniques to bypass the filtering mechanism
1. Truncate the content of the query
In case you want to ignore the scripts in the query. For example, for the following processing, the query requires active=1 condition but we can comment (--, -- -, -+, #, /*, /**/, // , ;%00…) and ignore it. When mining, we often don't know what the rest of the query does, so using comments in this case is very effective.
After commenting, our query becomes:
2. Bypass the filtering of keywords
a. Inline Comments
Inline comments are used very effectively in bypassing whitespace filtering. The following characters can be used to bypass whitespace filtering: /**/, %20, %09, %0a, %0b, %0c, %0d, %a0). For example:
Or bypass keyword filtering (available with MySql). In the example below, the keyword union and password are in the blacklist and have been blocked, we can bypass it by:
b. Replace keywords
When exploiting SQL injection we often use keywords like: union, select, information_schema. In many cases programmers simply replace those keywords:
We can easily see that the above processing code is lacking. If it's simply pattern matching, the bypass is extremely simple. Let's apply case sensitive, where uppercase and lowercase letters are interpreted differently.
Now instead of using the keyword:
select, union… We will use:
SeLEcT, UniOn…The basis of this bypass is that database management systems are not case sensitive for keywords.
In some cases, the web application will filter out all or part of certain keywords (union, select.). We will bypass as follows:
id=1+uniunionon+SeLselectecT+1,2,3-- -After the union and select are filtered out by the web application, we will be left with the following correct query:
id=1+union+SeLecT+1,2,3-- -c. Character encoding
We can bypass when WAF (Web Application Firewall) blocks keywords by encoding them. Many WAF applications will only decode the query once and filter out the keywords in the blacklist, then let's encode the request twice so it can be bypassed in this case.
3. Bypass blocks single and double quotes
- Let's look at an example before learning specifically how to bypass this.
In this scenario, we already know a table in the database named users. The next job is to know the column name in the table to get its information. As in the above query, we use the condition: table_name='users'. But if both single quotes (') and double quotes (") are blocked by WAF, we can no longer use 'users' or "users". The built-in database system gives us a very good function to solve this problem, which is the CHAR() function (for Oracle, CHR()). For example, in the above query we will bypass by:
PHP programmers are all familiar with the addslashes() function. The addslashes() function has the effect of prepending special characters such as single quotes ('), double quotes ("), backslash(), NUL (null bytes) character "" to help the database management system not So, when we want to inject the query according to the script: name='someName' or '1'='1'-- the result is difficult and confusing. The results are no longer what we expected.
However, there is a technique to bypass the addslashes() function to inject the apostrophe ('). This technique has been public for quite some time, and to implement this technique is quite difficult because it is tied to the coding style applied to the website.
4. Bypass "illegal mix of collation for operation UNION" error
In some management systems (usually found in MySql), databases and tables when collation is set, when using the UNION keyword, the error "illegal mix of collation for operation UNION" will be reported. The setting of collation (collation font collation) can be intentional by the database designer or by default setting of MySql. In the case of a union, we must ensure that the select value in each field must have the corresponding code type defined. In my opinion, this error is quite common, especially for CMSs running Apache MySql. People can learn more at: http://bugs.mysql.com/bug.php?id=57926.
In this case we can use conversions to the appropriate encoding.
For example in the following case:
In the above query, if column1 has been set to collation as Unicode-UTF8 or _latin1 for example, then what is selected from column2 will have to be converted to the corresponding code. We can force it like this:
Do we see the downside in this bypass that we have to know that the collation code is _latin1. A better way to bypass is to use hex and unhex encoding and decoding functions.
There are many other functions that can be used in place of hex and unhex.
Jessica TannerYou should read it
- Web6: SQL Injection - Some Exploit Tools
- Web4: SQL injection - Exploitation steps
- Learn about SQL Injection and how to prevent it
- What is Fault Injection Attack (FIA)? Is it worrisome?
- WordPress plugins with more than 300,000 pages that use vulnerabilities are vulnerable to SQL Injection attacks
- What is AI Prompt Injection attack?
- Discuss IFrame Injection Attacks
- Block hacker SQL Injection with ASP
May be interested
- Discuss IFrame Injection Attacks
the type of attack technique iframe injection is still the most basic and popular form of cross-site scripting - xss model . - WordPress plugins with more than 300,000 pages that use vulnerabilities are vulnerable to SQL Injection attacksthe sql injection attack capability was found on one of wordpress's most popular plugins, currently installed on more than 300,000 websites. hackers can exploit to steal databases and hijack remote sites.
- Protecting the network through web content filteringin this tutorial we will show you some network data filtering options to protect home or small business networks by blocking content for adults only.
- The new Vista firewall is not sure of the output securitymicrosoft has introduced windows vista as a new version that offers more security features than windows xp, one of which is new firewall techniques such as two-way filtering (i / o).
- What is AI Prompt Injection attack?ai prompt injection attacks poison the output from the ai tools you rely on, changing and manipulating its output into something harmful.
- Block hacker SQL Injection with ASPsql injection is a hacker 's attack tool to steal vital, vital information of vulnerable organizations and companies.
- Why use sender domain filtering rules in email?while most people rely on basic folders or labels, there is a more powerful solution hiding in plain sight: domain filter rules, but surprisingly few people know about them.
- How to remove duplicates in excelto delete the same lines and figures in excel data sheet, we can use available features like remove duplicate or manually delete through the hightlight section.
- There are vulnerabilities that allow hackers to bypass the fingerprint security mechanism of Lenovo computersthe fingerprint manager pro program of microsoft windows 7, 8 and 8.1 allows users to store data, log in personal accounts on websites, log in to a lenovo computer via fingerprint there are many vulnerabilities that may allow hackers to access user sensitive data.
- Why is Gmail filtering good spam?most people who have used many different email services have confirmed that gmail has a fast, smooth and compact interface, especially spam filtering very well. so why does gmail have such good email filtering capabilities? recently google revealed a part of the technology it is applying.
Web6: SQL Injection - Some Exploit Tools
Free VPN: Is There More?
Pros and cons of passwordless authentication
What is DNS Amplification Attack?
Connecting over HTTPS is not necessarily safe
What is Teardrop attack?