Bypassing a WAF with MySQL Inline Comments

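Preface:

Nowadays practically every website sits behind a WAF, and it is usually bypassed with comment or encoding tricks.

Some of the comment forms: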

//, -- , /**/, #, --+, -- -, ;%00

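You have to collect and accumulate these yourself.

Most of them no longer work, though. Inline comments still do:

id=1/*!UnIoN*/SeLeCT

The /*! code */ form is what gets past the filter: MySQL executes the code inside /*! ... */ as SQL, while a filter that reads it as an ordinary comment ignores it.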
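
The defensive counterpart to the bypass above, as an added example that is not part of the original post: a filter has to normalize a parameter the way MySQL parses it before applying signatures. The function names and the single `union select` signature are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# /*! body */ : MySQL runs the body as SQL. An optional 5-digit version
# prefix (the form mysqldump emits, e.g. /*!40101 ... */) gates it by server
# version; the normalizer conservatively assumes the body always runs.
INLINE = re.compile(r"/\*!(?:\d{5})?(.*?)\*/", re.S)
# Ordinary /* ... */ comment: MySQL discards it, so it acts as whitespace.
PLAIN = re.compile(r"/\*(?!!).*?\*/", re.S)
# Illustrative signature only (assumption), not a complete rule set.
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b")


def normalize(raw_value: str) -> str:
    """Return the parameter roughly as MySQL would tokenize it."""
    text = unquote_plus(raw_value)          # undo %xx and '+' encoding
    previous = None
    while previous != text:                 # repeat until nothing changes
        previous = text
        text = INLINE.sub(lambda m: " " + m.group(1) + " ", text)
        text = PLAIN.sub(" ", text)
    return re.sub(r"\s+", " ", text).strip().lower()


def naive_match(raw_value: str) -> bool:
    """Signature applied to the raw value: what the bypass defeats."""
    return bool(UNION_SELECT.search(raw_value.lower()))


def normalized_match(raw_value: str) -> bool:
    """Signature applied after comment-aware normalization."""
    return bool(UNION_SELECT.search(normalize(raw_value)))


if __name__ == "__main__":
    samples = [  # first value is from the post; the rest are constructed
        "1/*!UnIoN*/SeLeCT",
        "the union members select a delegate",
        "1 /* plain note */",
    ]
    for value in samples:
        print(f"{value!r}: naive={naive_match(value)} "
              f"normalized={normalized_match(value)}")
```

Normalization only narrows the gap between what the filter sees and what the database executes; binding the `id` value as a query parameter removes the injection itself.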