今天看一個項目代碼，文件不多，不過每個文件中都N多注入，一個一個看實在太累，索性花了點時間，弄了個正則表達式，搜索出來，然后再將安全的篩選出去。省了不少時間的說。 1.查找select、update、delete語句
((select|SELECT|update|UPDATE|delete|DELETE) .*(from|FROM|set|SET) .*(where|WHERE) .*) 查詢語句,對于沒有條件判斷的基本不存在注入問題，因而僅搜索此語句即可
例子：
select * from user where 2.簡單的數字型注入
((select|SELECT|update|UPDATE|delete|DELETE) .*(from|FROM|set|SET) .*(where|WHERE) .*=[ ]?["]?["]?\$) 能找到select、update delete三種語句，5種格式的整形注入，如：
直接變量傳入
select * from guess where id=$subject_id
update guess set is_valid=0 where id=$subject_id
delete from guess where id=$subject_id
=與變量之間存在空格
select * from guess where id= $subject_id
update guess set is_valid=0 where id= $subject_id
delete from guess where id= $subject_id
變量雙引號
select * from guess where id="$subject_id"
update guess set is_valid=0 where id="$subject_id"
delete from guess where id="$subject_id"
=與雙引號之間存在空格
select * from guess where id= "$subject_id"
update guess set is_valid=0 where id= "$subject_id"
delete from guess where id= "$subject_id"
=與引號、雙引號之間存在空格
select * from guess where id= " $subject_id"
update guess set is_valid=0 where id= " $subject_id"
delete from guess where id= " $subject_id"

版權聲明：本站文章來源標注為YINGSOO的內容版權均為本站所有，歡迎引用、轉載，請保持原文完整并注明來源及原文鏈接。禁止復制或仿造本網站，禁止在非maisonbaluchon.cn所屬的服務器上建立鏡像，否則將依法追究法律責任。本站部分內容來源于網友推薦、互聯網收集整理而來，僅供學習參考，不代表本站立場，如有內容涉嫌侵權，請聯系alex-e#qq.com處理。