Wide byte injection is a way to bypass the escaping used to defend against SQL injection.
1. Wide byte concept:
1. Single-byte character set: every character is represented by one byte, as in ASCII encoding (0-127).
2. Multi-byte character set: some characters are composed of multiple bytes, while other characters are represented by a single byte (some characters may have no single-byte representation).
3. UTF-8 encoding: a multi-byte encoding method. It uses 1 to 4 bytes to represent a symbol, and the byte length varies from symbol to symbol.
4. Common wide-byte encodings: GB2312, GBK, GB18030, BIG5, Shift_JIS. GB2312 is not subject to wide byte injection; the encodings that are subject to it can be collected.
5. Wide byte injection relies on a feature of MySQL: when GBK encoding is in use, two bytes are treated as one Chinese character.
2. addslashes() function
1. The addslashes() function returns a string with backslashes added before predefined characters.
2. Predefined characters: single quotation mark ('), double quotation mark ("), backslash (\), NULL
3. Example
https://xxxxx?name=hello'
The single quote that was entered is escaped, and there is no way to break out of the string.
Then I looked at the page source code and the request headers and found that the client encoding is GBK.
Try entering hello�' (a wide-byte lead byte in front of the quote): the console reports an error indicating that the quotation mark is not closed. What follows now sits outside the string as JS code, so comment out the trailing characters to make the syntax correct.
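Why the escaped quote stops being escaped, as an added example that is not code from the original article: a byte-level model of addslashes() followed by decoding in the connection charset. The lead byte 0xDF, the sample inputs and the helper names are assumptions chosen for illustration.

```python
# Added example: model addslashes() on raw bytes, then read the result
# the way a server decoding in a given connection charset would.
LEAD = 0xDF  # constructed sample GBK lead byte (assumption, not from the page)

def addslashes(data: bytes) -> bytes:
    """Mimic PHP addslashes(): backslash before ' " \\, and NUL becomes \\0."""
    out = bytearray()
    for b in data:
        if b == 0x00:
            out += b"\\0"
        elif b in (0x27, 0x22, 0x5C):
            out += bytes((0x5C, b))
        else:
            out.append(b)
    return bytes(out)

def live_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes left unprotected once the bytes are decoded."""
    text = escaped.decode(charset, errors="replace")
    live, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # a backslash neutralises the character after it
            continue
        if text[i] == "'":
            live += 1
        i += 1
    return live

def quote_breaks_out(raw: bytes, charset: str) -> bool:
    """True if escaping with addslashes() still leaves a live quote."""
    return live_quotes(addslashes(raw), charset) > 0

PLAIN = b"hello'"                # constructed input: quote only
WIDE = b"hello" + bytes((LEAD,)) + b"'"  # constructed input: lead byte + quote

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("wide", WIDE)):
        for cs in ("gbk", "utf-8"):
            print(name, cs, addslashes(raw), quote_breaks_out(raw, cs))
```

Under GBK the sample lead byte and the inserted backslash (0x5C) decode as a single character, so the quote is live again; under UTF-8 the backslash survives and the quote stays escaped. Binding parameters instead of escaping removes the dependency on the connection charset.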
3. Hands-on practice on a practice range
1. First open the page and find the maintenance notice. Click into it and observe that it takes an id parameter; the challenge is about wide byte injection, so this is the parameter to test.
2. Enter the classic wide byte injection bypass directly: �'. An error page appears.
3. Modify the id parameter accordingly in sqlmap and run its regular detection.
4. The password is stored as an MD5 hash. Once it is cracked you have the login password, and after logging in you get the KEY.