MYSQL内联注释绕过WAF

evil0x00 (43)in #cmd • 7 years ago

MYSQL内联注释绕过WAF

前言:

现在基本上是个网站都设置个waf ,一般都是通过一些注释啊编码绕过

一些注释如下:

//, -- , /**/, #, --+, -- -, ;%00

这些都需要自己收集积累

不过这些大多都不能用内联注释还是可以用的

id=1/*!UnIoN*/SeLeCT

/*! code */来绕过

#cn-curation #cn #cn-malaysia #cn-funny

7 years ago in #cmd by evil0x00 (43)

Sort:

jonesnow (33) 7 years ago

看起来很厉害

$0.03

9 votes

[-]

evil0x00 (43) 7 years ago

呃.....

$0.03

9 votes

[-]

alibabab (29) 7 years ago

不懂还是支持了

$0.03

8 votes

[-]

evil0x00 (43) 7 years ago

谢谢

$0.02

5 votes

[-]

manager0 (27) 7 years ago

有些不能用了

$0.03

8 votes

[-]

evil0x00 (43) 7 years ago

谢谢

$0.02

5 votes

[-]

ustd (44) 7 years ago

有点行不通了

$0.02

6 votes

[-]

evil0x00 (43) 7 years ago

一些还是可以的

$0.02

5 votes

[-]

root0x00 (41) 7 years ago

学习方法

$0.00

4 votes

[-]

kcon (29) 7 years ago

你好

$0.00

2 votes

[-]

steemitboard (66) 7 years ago

Congratulations @evil0x00! You have completed the following achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes

_{Click on the badge to view your Board of Honor.}
_{If you no longer want to receive notifications, reply to this comment with the word STOP}

Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

$0.00