今天看一个项目代码,文件不多,不过每个文件中都N多注入,一个一个看实在太累,索性花了点时间,弄了个正则表达式,搜索出来,然后再将安全的筛选出去。省了不少时间的说。
1.查找select、update、delete语句
((select|SELECT|update|UPDATE|delete|DELETE) .*(from|FROM|set|SET) .*(where|WHERE) .*)
查询语句,对于没有条件判断的基本不存在注入问题,因而仅搜索此语句即可
例子:
select * from user where
((select|SELECT|update|UPDATE|delete|DELETE) .*(from|FROM|set|SET) .*(where|WHERE) .*=[ ]?["]?["]?\\$)
能找到select、update delete三种语句,5种格式的整形注入,如:
直接变量传入
select * from guess where id=$subject_id
update guess set is_valid=0 where id=$subject_id
delete from guess where id=$subject_id
=与变量之间存在空格
select * from guess where id= $subject_id
update guess set is_valid=0 where id= $subject_id
delete from guess where id= $subject_id
变量双引号
select * from guess where id="$subject_id"
update guess set is_valid=0 where id="$subject_id"
delete from guess where id="$subject_id"
=与双引号之间存在空格
select * from guess where id= "$subject_id"
update guess set is_valid=0 where id= "$subject_id"
delete from guess where id= "$subject_id"
=与引号、双引号之间存在空格
select * from guess where id= " $subject_id"
update guess set is_valid=0 where id= " $subject_id"
delete from guess where id= " $subject_id"
![别轻易用现成的[U盘启动制作工具] 盗版风险大害你没商量](https://www.u-9.cn/wp-content/themes/ceomax-pro/timthumb.php?src=https://www.u-9.cn/wp-content/uploads/2023/12/2023120410150848.png&h=200&w=300&zc=1&a=t&q=100&s=1)
