360Webscan Bypass

来到select正则:

1
\<.+javascript:window\[.{1}\\x|<.*=(&#\d+?;?)+?>|<.*(data|src)=data:text\/html.*>|\b(alert\(|confirm\(|expression\(|prompt\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|load_file\s*?\()|<[a-z]+?\b[^>]*?\bon([a-z]{4,})\s*?=|^\+\/v(8|9)|\b(and|or)\b\s*?([\(\)'"\d]+?=[\(\)'"\d]+?|[\(\)'"a-zA-Z]+?=[\(\)'"a-zA-Z]+?|>|<|\s+?[\w]+?\s+?\bin\b\s*?\(|\blike\b\s+?["'])|\/\*.*\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT@{0,2}(\(.+\)|\s+?.+?|(`|'|").*?(`|'|"))|UPDATE@{0,2}(\(.+\)|\s+?.+?|(`|'|").*?(`|'|"))SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\(.+\)|\s+?.+?\s+?|(`|'|").*?(`|'|"))FROM(\(.+\)|\s+?.+?|(`|'|").*?(`|'|"))|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)|\/\*.*?\*\/|'

Bypass:

union select@1,2,3,4,5,6,7

union select@1=@1,2,3,4,5,6,7

insert正则部分:

1
INSERT\s+INTO.+?(VALUES|SET)

Bypass:

insert into t set cmd=123

posted @ 2014-11-02 23:27  anything good  阅读(656)  评论(0编辑  收藏  举报
孤 's 博客