2015-02-10 21:20:12

[zone] MySQL syntax that bypasses some WAFs

Repost: mysql syntax bypass some WAF

A small tip, seen on Twitter:

In one line:

select{x table_name}from{x information_schema.tables}
Test:
mysql> select{x table_name}from{x information_schema.tables};
+----------------------------------------------------+
| table_name                                         |
+----------------------------------------------------+
| CHARACTER_SETS                                     |
| COLLATIONS                                         |
| COLLATION_CHARACTER_SET_APPLICABILITY              |
| COLUMNS                                            |
| COLUMN_PRIVILEGES                                  |
| ENGINES                                            |
..........

https://twitter.com/Black2Fan/status/564746640138182656

http://dev.mysql.com/doc/refman/5.6/en/date-and-time-literals.html#date-and-time-standard-sql-literals

http://dev.mysql.com/doc/refman/5.6/en/join.html#idm140714470997024
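
An added example (not from the original post or the tweet): a defender-side check showing why a keyword rule that expects whitespace misses the brace form above, and how unwrapping `{identifier expr}` before matching closes that gap. The regexes, function names and sample values are constructed for illustration and are not any WAF's actual rules.

```python
import re

# Naive WAF-style rule (constructed): assumes whitespace separates the keywords.
NAIVE_RULE = re.compile(r"\bselect\s+.+?\s+from\s+", re.I | re.S)

# Brace form from the post: '{' identifier whitespace expr '}', e.g. {x table_name}
BRACE_ESCAPE = re.compile(r"\{\s*[A-Za-z_][A-Za-z0-9_$]*\s+([^{}]*)\}")


def unwrap_brace_escapes(value):
    """Replace every {identifier expr} with ' expr ', innermost first."""
    previous = None
    while previous != value:
        previous = value
        value = BRACE_ESCAPE.sub(lambda m: " " + m.group(1) + " ", value)
    return value


def check_value(value):
    """Report which checks fire for one request parameter value."""
    return {
        "naive": bool(NAIVE_RULE.search(value)),
        "brace_escape": bool(BRACE_ESCAPE.search(value)),
        "normalized": bool(NAIVE_RULE.search(unwrap_brace_escapes(value))),
    }


# Constructed sample parameter values.
SAMPLES = [
    "select{x table_name}from{x information_schema.tables}",
    "select table_name from information_schema.tables",
    "blue shoes size 42",
    '{"from": "select"}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_value(sample), sample)
```

The `brace_escape` flag is useful on its own as an anomaly signal for parameters that should never carry SQL; the `normalized` result shows the existing rule firing once the braces are unwrapped.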
