Skip to content
/ YourVulnerableCode Public

YourVulnerableCode是Springboot搭建用来学习各种白盒代码审计中常见漏洞的项目

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

k-vulner/YourVulnerableCode

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
gradle/wrapper
gradle/wrapper
 
 
lib
lib
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

ibatis中如何使用#来进行模糊查询 https://www.cnblogs.com/gaojing/archive/2012/11/22/2844932.html 无效的方法: select * from table1 where name like '%#name#%' 两种有效的方法: 1) 使用$代替#。此种方法就是去掉了类型检查,使用字符串连接,不过可能会有sql注入风险。 select * from table1 where name like '%$name$%' 2) 使用连接符。不过不同的数据库中方式不同。 mysql: select * from table1 where name like concat('%', #name#, '%') oracle: select * from table1 where name like '%' || #name# || '%' sql server: select * from table1 where name like '%' + #name# + '%' mybatis的话类似##变为#{}

About

YourVulnerableCode是Springboot搭建用来学习各种白盒代码审计中常见漏洞的项目

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages