SoFunction
Updated on 2025-04-10

Break through the limit of spaces

Regarding spaces, there are many alternative methods, such as TAB characters and /**/ comments in SQL databases, but I have found another alternative method, which was published in the July 2006 issue of "Hacker Manual". The essentials are excerpted here; let's take a look!

For SQL statements, everyone is used to the spaces in them, as in select id from [name]. Remove the spaces and it becomes selectidfrom[name], which is meaningless. Besides the few space substitutes mentioned above, I found that () parentheses can also serve as separators in SQL. For example, the statement above can be written as select(id)from[name]: the parentheses keep the tokens apart, and it executes normally.
For example, suppose we have an injection point: ?name=aa' and 1=1 and ''='. Replace the 1=1 with a subquery that reads the administrator's password: (select asc(mid(pass,1,1)) from [name] where id=1)>49. What about the spaces? Actually it can be written like this:
?name=aa'and((select(asc(mid(pass,1,1)))from[name]where(id=1))>49)and''='
If the < and > symbols are blocked, use between…and… instead; the statement becomes:
?name=aa'and((select(asc(mid(pass,1,1)))from[name]where(id=1))between(40)and(50))and''='

Wherever a space would normally appear, use () in its place, though this becomes awkward for very complex SQL statements. The above covers string-type injection points. If the parameter is numeric, you can add parentheses after id=1. However, I have not tested this, for example: ?id=(1)and(select......). It should be feasible, right?
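The lesson for anyone defending such an endpoint is that a filter which assumes SQL keywords are delimited by whitespace is easy to miss, and that the real fix is to keep user input out of the SQL text altogether. The Python below is an added example, not code from the article or from "Hacker Manual": it tokenizes input on every separator SQL accepts (whitespace, parentheses, square brackets and /**/ comments) so that the article's parenthesised payloads are recognised as a SELECT ... FROM sequence, and it contrasts that with a parameterised sqlite3 lookup where the same payloads are plain data. The sample values, the users table and the helper names are all constructed for this example.

```python
import re
import sqlite3

# Constructed samples: the two parenthesised payloads quoted in the article,
# the classic space-separated probe it starts from, and a benign name.
SAMPLES = {
    "benign": "aa",
    "classic": "aa' and 1=1 and ''='",
    "paren_gt": "aa'and((select(asc(mid(pass,1,1)))from[name]where(id=1))>49)and''='",
    "paren_between": "aa'and((select(asc(mid(pass,1,1)))from[name]where(id=1))between(40)and(50))and''='",
}


def naive_filter(value: str) -> bool:
    """A blocklist that assumes keywords are separated by whitespace.

    This is exactly the kind of check the article's parenthesis trick walks past:
    'select(' never matches 'select\\s+'.
    """
    return re.search(r"\bselect\s+.+\s+from\s+", value, re.I) is not None


# Everything SQL accepts between tokens, including the brackets the article
# highlights; inline comments are treated as separators too.
SEPARATOR = re.compile(r"/\*.*?\*/|[\s()\[\]]+", re.S)


def tokenize(value: str) -> list[str]:
    """Split on every SQL separator, not just whitespace, and lowercase the tokens."""
    return [t.lower() for t in SEPARATOR.split(value) if t]


def robust_filter(value: str) -> bool:
    """Flag SELECT ... FROM as a token sequence, however the tokens are separated."""
    toks = tokenize(value)
    if "select" not in toks:
        return False
    return "from" in toks[toks.index("select") + 1:]


def lookup_user_id(name: str) -> list[int]:
    """Parameterised lookup over a constructed in-memory table.

    The driver sends the value separately from the SQL text, so separators
    inside it (spaces or parentheses) never reach the parser as syntax.
    """
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)")
    con.execute("INSERT INTO users VALUES (1, 'admin', 'constructed-secret')")
    con.execute("INSERT INTO users VALUES (2, 'aa', 'constructed-other')")
    rows = con.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
    con.close()
    return [r[0] for r in rows]


if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:14} naive={naive_filter(value)!s:5} "
              f"robust={robust_filter(value)!s:5} rows={lookup_user_id(value)}")
```

Running it shows naive_filter returning False for both parenthesised payloads while robust_filter returns True, and lookup_user_id returning an empty list for every payload because the whole string is compared as a name. Token-based detection of this kind belongs in monitoring and in a WAF; it is not a substitute for the parameterised query.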

Haha, that's the summary; I'm sharing it with friends on LOVESHELL.