4.1.5. Bypass Techniques

  • encoding bypass
    • case

    • url encoding

    • html encoding

    • hex encoding

    • unicode encoding

  • comment
    • // -- -- + -- - # /**/ ;%00

    • Inline comments are used most often; the /*! ... */ form is a feature that only MySQL recognizes

    • e.g. index.php?id=-1 /*!UNION*/ /*!SELECT*/ 1,2,3

  • when the filter is applied only once
    • union => ununionion

  • Substitution with equivalent functionality
    • function substitution
      • substring / mid / sub

      • ascii / hex / bin

      • benchmark / sleep

    • variable substitution
      • user() / @@user

    • Symbols and Keywords
      • and / &

      • or / |

  • HTTP parameters
    • HTTP parameter pollution
      • id=1&id=2&id=3 gives different results depending on the container

    • HTTP Split Injection

  • buffer overflow
    • Some WAFs written in C only process strings up to a limited length, so the part of a payload beyond that length may not be processed

  • When a second-order injection has a length limit, change the length of the field in the database by executing multiple statements.
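
Seen from the filter's side, the encoding, comment, single-pass and parameter-pollution items above all come down to inspecting text that differs from what the database finally receives. The following is an added example, not part of the original page: a detection sketch that canonicalizes each parameter to a fixed point before matching and flags duplicate parameter names. The function names and the keyword list are assumptions chosen for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, unquote

KEYWORDS = re.compile(r"\b(union|select|sleep|benchmark)\b")
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)  # MySQL executes the body
COMMENT = re.compile(r"/\*.*?\*/", re.S)          # plain comment acts as a separator

def canonicalize(value, max_rounds=5):
    """Decode repeatedly until stable, so matching sees the final text."""
    for _ in range(max_rounds):
        prev = value
        value = html.unescape(unquote(value))  # URL, then HTML entities
        value = VERSIONED.sub(r" \1 ", value)  # keep the body of /*!...*/
        value = COMMENT.sub(" ", value)        # /**/ used in place of a space
        value = value.lower()                  # case variants
        if value == prev:
            break
    return value

def strip_once(value, word="union"):
    """The weak single-pass filter from the list, kept for comparison."""
    return value.replace(word, "")

def inspect(query_string):
    """Return findings for one raw query string."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    names = [name for name, _ in pairs]
    findings = [f"duplicate parameter: {n}"
                for n in sorted(set(names)) if names.count(n) > 1]
    for name, value in pairs:
        hits = sorted(set(KEYWORDS.findall(canonicalize(value))))
        if hits:
            findings.append(f"{name}: {', '.join(hits)}")
    return findings

if __name__ == "__main__":
    # Constructed inputs based on the strings in the list above.
    for qs in ("id=-1%20/*!UNION*/%20/*!SELECT*/%201,2,3",
               "id=1&id=2&id=3",
               "id=" + strip_once("ununionion")):
        print(qs, "->", inspect(qs))
```

Keyword matching of this kind does not cover the function and variable substitutions listed above; parameterized queries remain the fix on the application side.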