Bypassing a WAF with MySQL Inline Comments

in #cmd • 6 years ago


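Foreword:

These days practically every website sits behind a WAF, and a WAF is usually bypassed with comment sequences or encoding tricks.

Some comment sequences:

//, -- , /**/, #, --+, -- -, ;%00

You have to collect and accumulate these yourself.

Most of them no longer work, though. Inline comments still do: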

id=1/*!UnIoN*/SeLeCT
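The bypass uses /*! code */: MySQL executes the code inside the comment as SQL, while the WAF treats it as an ordinary comment.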
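Seen from the WAF side, the string above gets through because the signature is matched against text that differs from what MySQL parses. The Python sketch below is an added example, not part of the original post: the signature and function names are hypothetical, the sample values are constructed, and the input is assumed to be already URL-decoded. It compares a raw match, a strip-all-comments match, and a MySQL-aware normalisation.

```python
import re

# MySQL executable comment: /*! code */ or /*!50110 code */ (optional version digits).
EXEC_COMMENT = re.compile(r"/\*!\d{0,6}(.*?)\*/", re.DOTALL)
# Ordinary C-style comment, which MySQL ignores.
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
# Hypothetical signature standing in for one WAF rule.
SIGNATURE = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b", re.IGNORECASE)


def naive_match(value: str) -> bool:
    """Signature applied to the raw parameter value."""
    return SIGNATURE.search(value) is not None


def strip_comments_match(value: str) -> bool:
    """Flawed normalisation: deletes every /* ... */, including /*! ... */."""
    return SIGNATURE.search(PLAIN_COMMENT.sub(" ", value)) is not None


def normalize(value: str) -> str:
    """Rewrite the value closer to what the MySQL parser will act on."""
    # 1. Keep the body of executable comments: MySQL runs it as SQL.
    #    The version gate is ignored, so a body the server would skip is still inspected.
    value = EXEC_COMMENT.sub(lambda m: " " + m.group(1) + " ", value)
    # 2. Remaining comments are dropped and act as token separators.
    value = PLAIN_COMMENT.sub(" ", value)
    # 3. Fold case and collapse whitespace so one signature covers every spelling.
    return re.sub(r"\s+", " ", value).strip().lower()


def mysql_aware_match(value: str) -> bool:
    return SIGNATURE.search(normalize(value)) is not None


# Constructed sample values; the first is the string quoted in the post.
SAMPLES = [
    "1/*!UnIoN*/SeLeCT",
    "1 /* union select */",
    "SELECT /*!50110 STRAIGHT_JOIN */ col1 FROM t1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"naive={naive_match(s)!s:5} strip={strip_comments_match(s)!s:5} "
              f"aware={mysql_aware_match(s)!s:5} {normalize(s)!r}")
```

Only the MySQL-aware path flags the post's string. The raw match also fires on the harmless plain comment in the second sample, which the normalised match correctly ignores.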

I don't understand it, but I upvoted anyway.

Thanks

This doesn't really work anymore.

Some still work.
