http://www.jackxiang.com/index.php zh-cn http://www.jackxiang.com/post// jack <xdy108@126.com> Thu, 30 Sep 2010 04:05:54 +0000 http://www.jackxiang.com/post// ((select|SELECT|update|UPDATE|delete|DELETE)+.*(from|FROM|set|SET)+.*(where|WHERE)+.*)

查询语句,对于没有条件判断的基本不存在注入问题，因而仅搜索此语句即可
例子：
select * from user where

2.简单的数字型注入
((select|SELECT|update|UPDATE|delete|DELETE)+.*(from|FROM|set|SET)+.*(where|WHERE)+.*=[ ]?["]?["]?\$)

能找到select、update delete三种语句，5种格式的整形注入，如：
直接变量传入
select * from guess where id=$subject_id
update guess set is_valid=0 where id=$subject_id
delete from guess where id=$subject_id
=与变量之间存在空格
select * from guess where id= $subject_id
update guess set is_valid=0 where id= $subject_id
delete from guess where id= $subject_id
变量双引号
select * from guess where id="$subject_id"
update guess set is_valid=0 where id="$subject_id"
delete from guess where id="$subject_id"
=与双引号之间存在空格
select * from guess where id= "$subject_id"
update guess set is_valid=0 where id= "$subject_id"
delete from guess where id= "$subject_id"
=与引号、双引号之间存在空格
select * from guess where id= " $subject_id"
update guess set is_valid=0 where id= " $subject_id"
delete from guess where id= " $subject_id"

来源：http://www.am82.com/houzan/archives/1844 ]]> http://www.jackxiang.com/post//#blogcomment <user@domain.com> Thu, 01 Jan 1970 00:00:00 +0000 http://www.jackxiang.com/post//#blogcomment