Mysql下可能存在注入的点。

　　总结下mysql下可能存在注入的点,适用于mssql和oracle，先写语句，以后再写语句可能出现在哪些场景下:

　　针对查询:

select * from x where id=*

select * from x where id='*'

　针对删除:

delete from x where id=*

delete from x where id='*'

　针对修改:

update x set name='*'

update x set name='x',x='*' where id=x

针对插入:

insert into x values(1,'*')

insert into x(id,name) values(1,'*')

针对搜索查询(like):

select * from x  where name like '*%'

select * from x  where name like '%*%'

select * from x  where name like '%*'

针对排序(order by):

select * from x order by *

针对统计(group by):

select from x group by *

针对in:

select * from user1 where id in (1,*)

select * from user1 where id in ('1','*')

针对limit:

select * from x limit *

select * from x limit 0,*

select * from x order by id limit *

select * from x order by id limit 0,*

　针对数组key:

function addslashes_array($value) { return is_array($value) ? array_map('addslashes_array', $value) : addslashes($value); } print_R($_GET); foreach ($_GET AS $key => $value) { print $key; } ?> ....

假设http://*.com/test=123,代码中过滤了value没有过滤key,白盒/fuzz中可以通过http://*.com/test'=123注入

暂时先总结这么多。注入的时候可能遇到的一些。

巴特西

Mysql下可能存在注入的点。

最新文章

热门文章