Penetration_Testing_POC/books/怒绕三个WAF注入的小故事.html

<!DOCTYPE html> <html style><!--
 Page saved with SingleFile 
 url: https://forum.butian.net/share/3078 
--><meta charset=utf-8>
<meta http-equiv=X-UA-Compatible content="IE=edge">
<meta name=viewport content="width=device-width, initial-scale=1">
<meta name=csrf-token content=aET57C3apINT7deab4K0X8xd1o2idsLpex7xy4Kn>
<title>怒绕三个WAF注入的小故事</title>
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
<meta name=description content=奇安信攻防社区-怒绕三个WAF注入的小故事>
<meta name=author content="QIANXIN Team">
<meta name=copyright content="2021 QIANXIN.com">
<style>@media(max-width:767px){}</style>
<style>/*!
 * Bootstrap v3.4.1 (https://getbootstrap.com/)
 * Copyright 2011-2019 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}footer,nav{display:block}a{background-color:transparent}a:active,a:hover{outline:0}img{border:0}button,input,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button{text-transform:none}button{-webkit-appearance:button}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@font-face{font-family:"Glyphicons Halflings";src:url(data:font/woff2;base64,d09GMgABAAAAAEZsAA8AAAAAsVwAAEYJAAECTQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACMcggEEQgKgqkkgeVlATYCJAOGdAuEMAAEIAWHIgeVUT93ZWJmBhtljDXsmI+A80Cgwj/+vggK2vaIIBusdPb/n5SghozBk8fY3CwzKw8ycQ3LRhauWU8b7AQmPrHpsWLSbaQ1gVqO5kgksapZihmcvXvsSAlqZIYL1YkM/LIl97nZp395IqcEA/f21yuNQLmMXb2rZZ/7e/rS+3aQoE5jiykOu275k8k/fj/okKRo8gD/nl/nJmkfxsrIHdGdBcGkiz+6PvzlXksg+3a0LRtj240x7fSAEokyS6Dhebf1LCdu5KvgAAco8DNFd2ngQgUXgqAmqf8L6c5UtGxo2DBNGtLY2tKGZOVZ2HLx77Kss250ad5d3Xl1cpW0vK77me4TVlhzag6hop7lZ01uGarTmUiBV5Wpw9QIIHIy9D5pVGBWN7jNUiixqMnPGuD/K6BvNvMnY8XIQrCP5gbrNOe31s653X+Hg4vjv5quVAldYVtRZDwzd3E4LI6F7nJUSRahOOESHI4wPkW4P/kqRajnl6aVI8/6NyeN7N39hlMJDAtvY/vKt+1fizcmIyrRKym9s6DQKzRhAbBBNrZjjOd5sdmjhmYoYhlG6ebk/+m0JDt7IFlBwzF2UC10R/j/jOHAsRXNIvuwldsBQ8JmLSBXgveuAprUmc51S9awSwjjI63tDuSs1ipLhjzb/AQgKNHf69T31/9a/mDZqwzltVuXJepZBVSKrHslr8mKJIitEKBze2/v7RmcF/KIgxjVu+92dCJw4Jw0YMjq36mKz6R9bwxg47PdFPonbhRl3D4K5EceNXMAevNfTvMKklBL06Z2bVXeC8m+e3q93PLu8/+fGfh/+IyHIjNgbA2SHAOWVyPUkL1eGEArjSwHY7nJa2+pjUFPG3AVbnW1p9R685Z6Sin13M6lHveY2zHHfeHh/0893n+ttoB4vlLGxGDBSolgp3GDFaWCVXMvvyv4a9J2xzF4bBrd3+dqEmwFlkVs7FxuRIzIw8a2r1aGseb/0Gpnm3taZOWJCHo3jwsUNf/fIQR4bcI1b8JbBxy9v3Xv+ya3rzHagkgQQmtB4uwIcXLqzlKQxA2jt7AWjyhcZ2j0EBTIN4ns0op5jz2GSLVa81VQaOnQJDgQUmfTBcQYgHrCZ82tyU46i+AAMXWsJNyFr6Shnj5S/V3l+hSXDqasIp/0Zje8lwv1S69efyeYquu9M5MrRS+8xF6JWVU1XahOQhcu3sqLpdI438Urzs2POI/5LHyJe018jEGKEeV1YXzQYYiSf+yO1d7LhdWdJQAKf2xLR6JQ7SwXTnUU5tzUa/5j7zhtWEDa02T/F8yYP3/x/NrzoudZ0ybP/nvq9pT4s8fPDj/bUNworhRHil22v8/G5K/kT+SP5Lfk1+SX5AZyLbmSXExGyQg5lywmp5N55DhyrPu0+zP3H9yfuD9wv+8+6n7b/br7FXPo5P8Fi54S0BCi00THCKR68zH6oT8SXFU1FnE9rdl00XrUkg6GJlqQbmqiJeltTbQifbyJ1nRr3kQbundooi09/22iHb1CE+3p9Tc28fSugyY60rvJcXQiC9YxOpMVrOvQlaypdTv0IktfoS9KZNZjMJZssvUcMB2yxSdeAxZCtvk4VkO21XpnsAayvawPBlsgO8r6ZOwK2VnWF2J/yIN1HQ6HvKl1O5xAnip9AQZ5iXwMLqmsJ0M+E1xnPRvyOeBW68WQrwG3W2+GfGfwoPVekB8MnrY+ivxkvAo5rc/H++QX7tjF+JQKKkV8QaUOj+MbKk2tW+NbKm1P3A7fUel6HD9Q6W7dGz9SKVmPwW9UJlvPAVUqi5U1EMBT2QxNQgv+7AShpfBbsxMKrYTfb1lEaK0Y1Xvs0Sx9MTxmjSYCNmikGIYnj4F/B8qlVSNWqAjeEa28H6GlRftEfyJUwaXeqdAGokFEOYP/ZUK5OqkHBhXEJQ8CT5zBINLQBBPxgofYRhJ1im4gFjc/JVIDRzQihLhmqWfHwUbquoEgDmE9gpEts9VRl+G9eStCvSzE+NAyw8sT1oU1opWH8JmEjHhuoQUVzqoEZiohobPm62zifEdYUfgg3oNVcJTkCsVFdSDCQJ4Bj6blLfCABB9Eby42WVr2gi0mYT5mEj+bAKuTTo9OnKIJXdRPL147XNoOwkrKDc9CBsdFc0pyGQSqkBkBoMSa9cYPFCfyhWcSL+Pj0UIXJZ+hHm8gH0P16rpulTeL3DoFfPV5g0t0sib3JKfYc698ufV3UIj5xFxpXb4kWhJAKwHNDLa21YA5MHhdu3K4rSW+yNUr9gdSVaxFbYcrFtywqqM7d6B1rMA5L0m8BdQ3yDfVprlR/mx1XKZ50A5XixBOKes4idywdlnuKnW0bQKUobG/6eKp4gS6bSgJZgbKRb3y/0c4sgyiaiNJrL1SjswX+XoMI3G437ffAQYJhClZoNckiwvh0JuGY18lv20teyEwLWALO+HlhazxFGh5VvXkwV1IdiEJzx90HGG9XEvvxRAeBqVbzDF7GgMi52ogNkDsljNUMCWlE78P6c6YIsfUmcZaSYZH5AabU5P3jYIusxHEzqNwB4HG06xTxjFl6fvZk8TYm535DFnBHv92uzgaCGSxXLFCoRdsoVP7/lIpBtIT04bn+a+WroALewJJitOG9NIlnZSvPvsw0I7aprNc8CeUY2e9MiU0oFGORKEKMM2SM0KyIslNjtWOJoDbimhJFcfC2qfSUmcQt01FpKGpobaaDUm9zigHqd7VNVWWRF0MffIdmQdi7Tgkl4fsOKg+8+FYIAGyB2iVImwetc6A4mocnS4liNuAGEhIxy0LSZqm3bgjMZIdQwE09d5Z3gE3hO3urhLtWd2WoVYMbwgaPlDKXaE2v7cHmPaZTzT/N2YaDb1+ABgeQUpkWUbVwoDKLpbeb/XD/nkpCcY4bMYLtjIyjmWKnB+m0jFIG6FbAXSJsEAhyIUMMlyAQLgINQbE2ZPKJVrX7vzba96SCAZh9Z2u3ED6LmBuqDPKT0aMohBSKPOFpbb3/71aAWtMawVGIO1IV2pZHw1JpOo11+cqE/E22s5ltVNiay6kvDVGLBfsLpUCTjDf1JmSuYB8lIZWpoB8fH4FTvSHKAkgNLed7NpdLOwaSnB8fvl4ZdPJQajUHKGvNYiIL7vau1Ok/QTk9JTQdvLX3Hk/m/myJ192fHLqhMtY3Ab47kjpUcoFsLUVBcSTQkA9C91YrN/6rEITGDnLNLOYq8NUqdhCiUKpY6CtwRirSJFQo84rgvKJgV+Tk9VZSNkjrCSqy8pgoOxG+KPxQjvjtcIr2xGUhUJQUrA0zLwgdAStOnQI9SJaE0W6Sl4hWMLHk+CscTRfZFRXKDXk3IAEp+X/5B+42kmxlFXFh9JBzXr+QFU2/24uV0dY/cD
<style>/*!
 *  Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
 *  License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
 */@font-face{font-family:"FontAwesome";src:url(data:font/woff2;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0OAAQBywAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACFchEIComZKIe2WAE2AiQDlXALlhAABCAFiQYHtHVbUglyR2H3kYQqug2BJ+096zq1GibTzT1ytyoKAhnlGvH2XQR0B9xFqm6jsv/////kpDFG2w7cQODV9Pt8rYoUCGaTbZJgmyTYkaFAZFtCUREkKFtVPCsorbhAUNA1HuRggbAO2j72UBAaO+EokdExs/1s2/5o1Kiiwimf3Fl5lPJKaenrF62Fznwl24G3XqwUR4KiM7gSbp6V6LraldwKxM2QRIqecFxZciCUTN9Q9A6NG4N0pSnLEZjvE6c2UsJeIlMLTH7xWVLXQ1hSFQmKNIGO5kb6eVxbv+g3bqHirnwdc+C7jHEeo027jiVLyf8XLtu6DiwL+oT3+EzQdP8n9hCQyU0dLBEVY/eIK2L6xNeH50/9c/le2CSFhtd6Lgf1bcWgDPxoJmdi3vDhdu2H8wEOySeKDzajOrC7w/Nz622jYowx2KhtMCLHghqwvypWjKiNHqNjoyQsMEFUUFS0MRID+/SsPAvtO+3z0mAQ5rYn8UgOP/Fzzqk6kQ9ORJ+o/KkQSRGkJIwEVBSLW4GCYjSKEc38f+rs7yyvzrzX772jYmw2kboLSUzpaX3bjCbgNOOUbSwnyxbL8yO916Wzf1J3AaJidcC2LEuWC8YGm+J2iwPbCG1fLcDA5lxIi537jkhI/qrzk+oHxsI/mJbTbfMLOVCIrdgpOedKqIYkxr2InOex9Dj46Mfazs5+uTvEchWNbr89JBEatR+UTmRkbhshJ66m8OM7s/SsOJm8J9lOpu0eIX8tGAZKGcq20y7g2PqR7livPQwsEgQOkJseImA6GKL/Gw8JCSB7je+e3OC8EstLISefAKEtRkiUnAmJIyR+m1pfhLmdEBK1A041VlU4RsivHKKOJRRQ1Pvdq9rb+wYIDIZDcAgCJARRGaK0u9oQnXKs7KLKvZvuumu7a9obpzPZtxPROlIRJR4QtoEye/SH3qn1kh1oJbspOMkR9gD48QEPGApJTEuQNnb0I+37s+7+Biw70KY2h6BOmjLOaHa3Dw4I/u9/zf7rDE9Pkad0IxaFBuJ4VInvqkJmAp2ehHFeFiOcrp+WP3v+NWKKSeLgJS1XWpDruWKkQaMTDF7kMc3ZbjUZ+a7pitemTlGdWSf65t3NEpYE/JFTBNwYH6YhdCIgBmBiM+n3JZMH9O8zNbsCFNFmdjurndXObM6s7jmcOmpnZj9ncpv1cP94nyCAD3wS/CAkCCBlEpQcEpRaFCjFFCR3KFpyU5DodiubWtkcz9Zx9k2i7B6b7s3q3ZltPyZzW/bldJlTklNqjqc5nK/j9z+tfNrqDfHwxT5HDswGLBBiRNW3Xqn0ql6px90bOmyKM469TkGaYKs1C5wyNrMBTPlwU/IJQd+nL1XrCsLWmLS8s7QnOVy0p9WGdLiFEK8h3/b2+rca/RuBbAAGhSBQTVK0mpA5boAKzWAVEhMoyhBA0iBIeSlN0mRNyg2QHDXp1KQTSCfSkZoc8m1TPPro23Ema7wpXM97O+4xxcNt+QebONt74YvVWIQx3S0zx5qQkSmCQiiEkSz7JfWTELC2to0ExAsFBd3923efb36+mHTt8EhXOGyQ1FoRCXKk47//PWWzGuzfMSvmBwUvyY4xVz/WsHLuEg44OVBMxtIBPnVvOSDFGDEgdMOYq8N1Y6edke7EQLP5XUsUEFLvf2JO/7uSdvuTtNQaqqgouCKKg3nrvbt7HAxjrv+P5vNzY3qmGSaucDWn5QShLGqzbiCia07EIYMug25e9/hVdR8AQHz8GD92tT73B7kdudwckXIYVWHcSFIgCxqPEPq51/jVkQCT80kNRInfy4tRv71+cOkKgNyNOzu4bvn5jUwYFyShdPkJOgloRkNZoe3eVE+gRk4dTn59F/ExImCzqPyf2GHPB8sozT9IIBGXlocfxFyWzeV1yjATTNS19fEnte26vb7NlFBibm1Pv5jrtt39jb8CGEpsiz8CAQie5XOr5wWIMCwOOIx4yULy+va+QhnH5ZFGiRAUn1/fG1JpWh34/7fUfmUjFWqwEbF3/WhPYyomRjYMrFlxwZIFe4l9P8nzPvd1Hvu2LvM0Ds5oJQVnlGAEpybX5yC4yxIpqaxSNRjlSIx9saf/y6Swa9yp2xyQJ0qZ3k+/AEmI2xO2nV/vs38FkXFPYifWSMefAEJZRU2jAxw2yHaEgTWqEE5KDeUVAU+ITgcaRgtOeCgxkjoBXLrfq0Pga45joGI4BVH0CRNk4RhbTBQoZWwcKzJ1Le7QYdaYZKKONTuiTiTU9iKiSKqPEKtTRrpv6zJpqCKK2VyzaAQ3SYz2oDxTQ08CrRm4lsiQSKAe4kV3IQEuH9fp/SFCUxJDqmcexJ2JY+MOueRzKtWnc4koNW2UPXHGyoplovvxWZELJOtcPhBmTjiAcZeMeOojdgqlNnVt7wngGZ2wYNtOTS1KAFz0EEa3x3LpRAKAHrVa0zCTByMn6qWIbuwR0kdqTILahlgUG8qMokGqnfFnWXOZKrJZytwHx17ZtZg7ItgdJGhifz25FhnPmxOYMN52SDyXVnZ/gWObXwBcWYoD7KPodztkQhYCg4sDToOEMxshJM7n57Tn4t5JfFCYIH4TJhPkA2TFLsgDG9Sw6QItYQfz+mEZCSsrwhOSOboubVL46TTjY3mvnrkji1XVwkZX7gh1vQ3cCRdpL/Ccr5RmfoA03fBsg+sOWFP0OcOEG/cxRZ3wvTNAkP3aaxOI3BVAFycjo7y2Y6y92W7qqSC68RXvU187rCX77kmK0MEru/gu80wa2EMCeLHr7h4evvrqhrF3CdrNVtuCgIG6qOGkwMP5RXhmfkhgvekwH7whZJToQFF7T2gxiRcXsUjBtkbDq9V6cxqNN/Pdibazxpx0D3J2zOip0mudu4ZoZVMzt9uHdpk5hHF8q0+C75dLKZVVXPKWQdIlo7m7AsRvHntsPIbbS7j/up3NjqKkjmmzj/FI60eASYV6nT02mldXbzDr2Qt8Fd4lQfcaamREKSENgKlwd67I7l+Cs+s7uPGm22OXRCPp/8uBTZDA3k56nPIFtwRwsF6PQ0R43sJ4aimENU/IOfsNoWDR0kVEWO548Y0g3ZJHVcjA7cuvDsSZqgSp79baiZwuJQ23v7bOiLF+DOPx+j3/CBoWQxNvpikNRoQ388rnJFqk/Si3Z8Hrb0Ktpw3bxpzAQN7lJvLD2mXuewbq4uWOo6AIbKCwZopfxlJ4mU5bp10MrpsHOGAtM5lztKbBknt/UGoB3hm4V3VjOe+FuK6phBtbPh3qLZ8uRKLcjln6H/ebFQ+AHmSHDM/C2AeisisYXnuTrrlD7veJsW3gxNnwLKaxQE48spAd2tnQ+PKJrx9/Di6NlFbx5k3w2hFT7CvTXESeK6LaUqJ80Ta1C+IncVxU4N0CppXzHB45h0SEBlg8fyTtcImA3gciu+mFppL8JJvStwveLPlwH7tz+aVU084a3f6vYrv/1E5rSZEeX+ahYNXmCkboiB/qV5OfVv+UJdnRdwitfqmkxETUkNnCy90q87N4afIeuHlbclqqhwCZW1MltEeb3BhzYEY844WjhbOsIKLBVosr/vMhK62W9/WKuNiNizl5n2vFwWZikTgy3gZz3n1sO1spZSTE+IlUnYaWa62DkuApmnaPtqk5rAGE4xune9N1E/J1j3SPyN6zQEXj9D58Q/baPFw0JQiXUnbhDKW26eXE6Kra9EDXukPMOFyR+H4pFCNrfL65LmHrb6q62gO6MDBHlHEwHRQl8fzwE6GZaHCLqboNTP+c3iKMKz6O7Oa1JaoLXk3LiphOmnPTyAZxjrQ9lRKwD77u5eSmhrBLETRy5y0q7+cl6NpoI9clO3BQ6aaUaNZDPffO+traDZca5SYUKaliYYTGS0z4QL/5nuR0uiGifjLt
<style>@media(min-width:1200px){.navbar-form{width:235px}}@media(min-width:768px){.navbar-form .form-control{width:100%}}@media(max-width:767px){.global-nav{width:100%;text-align:center;z-index:1000}}@media(max-width:767px){}.global-nav .nav{height:44px;padding:0}.navbar-form .btn{position:absolute;top:8px;right:30px;color:#999;-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none}.navbar-form .btn:hover,.navbar-form .btn:focus{color:#777}@media(min-width:768px){}@media(min-width:992px){}@media(min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}button,input,textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-20{margin-bottom:20px}.mb-50{margin-bottom:50px}.mt-10{margin-top:10px}.mt-15{margin-top:15px}.mt-20{margin-top:20px}.mt-30{margin-top:30px}.mt-60{margin-top:60px}.mr-5{margin-right:5px}.span-line{margin-left:8px;margin-right:8px;color:#999}.logo{float:left;margin:0;display:inline-block;width:150px}.logo a{display:block;height:50px;width:145px;background-image:url(data:image/svg+xml;base64,PHN2ZyBpZD0i5Zu+5bGCXzEiIGRhdGEtbmFtZT0i5Zu+5bGCIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQyNi4xMyAxMTEuNDIiPjxkZWZzPjxzdHlsZT4uY2xzLTF7ZmlsbDojZmZmO308L3N0eWxlPjwvZGVmcz48dGl0bGU+5aWH5a6J5L+h5pS76Ziy56S+5Yy6X2xvZ288L3RpdGxlPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTExMiw1Ny4zM3YtNGgzNy43OHY0aC00LjM5VjcxLjE4cS4wOCw1LjUzLTUuMTksNS40NGgtNC44OXYtNGgyLjM0YzEuMiwwLDEuNzgtLjYyLDEuNzUtMS45M1Y1Ny4zM1ptMS44LTExLjkydi00aDEzLjg1VjM4LjkzaDYuNDh2Mi41MWgxMy45M3Y0SDEzNi4zNXEzLDIuNTEsMTAuOTIsNC4zMXYzLjQ3UTEzNiw1MS42NSwxMzAuODcsNDcuNXEtNS4xLDQuMTQtMTYuMzYsNS42OVY0OS43MmM1LjI1LTEuMiw4Ljg4LTIuNjQsMTAuOTItNC4zMVptMi4wOSwyNy4yOFY1OS43NmgxOS4zN3Y3LjM2Yy4xMSwzLjgzLTEuNjcsNS42OC01LjM1LDUuNTdabTUuNDgtNGg2LjQ1YzEuMzkuMDksMi4wNS0uNjEsMi0yLjA5VjYzLjc4aC04LjQxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE1My42Nyw1OC43MlY1NC41M2g0LjY5VjUwLjMxaDYuNTJ2NC4yMmgxNS42OVY1MC4zMWg2LjUzdjQuMjJoNC44MXY0LjE5aC01LjA2YTE1LjM2LDE1LjM2LDAsMCwxLTcuNTcsMTEuODgsOTIuNiw5Mi42LDAsMCwwLDEyLjIxLDIuMzR2NHEtMTIuMTMtMS4yNS0xOC43OC0zLjQ3LTYuNTcsMi4yMi0xOC43LDMuNDd2LTRhMTA0LDEwNCwwLDAsMCwxMi4xNy0yLjM0LDE1LjA2LDE1LjA2LDAsMCwxLTcuNTctMTEuODhabTM2LjYxLTE2Ljg2djcuMzZoLTYuMTVWNDZIMTYxLjM3djMuMjJoLTYuMTVWNDEuODZoMTMuODlWMzkuMDloNy4ydjIuNzdaTTE3Mi43NSw2OC4yMXE2LjY5LTMuMTgsNy42MS05LjQ5SDE2NS4wOVExNjUuOTMsNjUsMTcyLjc1LDY4LjIxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE5OSw3N1Y1Mi43M2EyNywyNywwLDAsMS0zLjQ3LDEuNDNWNTAuMzVhMTcuMiwxNy4yLDAsMCwwLDUuOS0xMWg1LjlhMzIuODYsMzIuODYsMCwwLDEtMi42OCw3LjdWNzdabTcuNzQtMzF2LTRoMTBWMzkuM2g2Ljd2Mi43NmgxMC4xMnY0Wm0xLjM0LDMwLjVWNjIuMjNIMjMxLjd2Ny43cS4xNyw2LjgxLTYuMTUsNi42MVptLjEzLTI0di0zLjhoMjMuNDJ2My44Wm0wLDYuN1Y1NS40MWgyMy40MnYzLjgxWm0xNy44NiwxMC42MlY2Ni4ySDIxMy43MXY2LjMyaDEwLjEyQzIyNS4zOSw3Mi42MywyMjYuMTMsNzEuNzQsMjI2LjA1LDY5Ljg0WiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTIzNy43Niw0Ni40NnYtNGgxNC40OHY0SDI0OFY2NS4yNGMxLjQyLS4zLDMtLjcxLDQuNzMtMS4yMXY0LjE0YTU1LjQxLDU1LjQxLDAsMCwxLTE1LjE0LDMuNzdWNjYuNzljMS4yNS0uMDgsMi43OC0uMjQsNC42LS40NlY0Ni40NlptMTMuNDMsOC4wN1Y1MC44MXE0LjY5LTQsNS40NC0xMS41NWg2LjExYTMyLjMxLDMyLjMxLDAsMCwxLTEuMDUsNC40NGgxMy43N3Y0aC0zcS0uODQsMTEuODUtNS44NiwxOC4yYTQzLjI2LDQzLjI2LDAsMCwwLDguNDksNi44MnY0LjQ0YTQ5LjQxLDQ5LjQxLDAsMCwxLTEyLTcuNTMsNTIuMTMsNTIuMTMsMCwwLDEtMTIuNjQsNy41N1Y3Mi44MUE0MC4wNyw0MC4wNywwLDAsMCwyNTkuNzMsNjZhMzQuMzgsMzQuMzgsMCwwLDEtNS42MS0xMi44QTIxLjc4LDIxLjc4LDAsMCwxLDI1MS4xOSw1NC41M1ptOC4yNS0zLjcyYTM2LjQsMzYuNCwwLDAsMCwzLjc2LDEwLjVxMi43MS00Ljg5LDMuNDMtMTMuNTZIMjU5LjlhMTUuMSwxNS4xLDAsMCwxLTIuNDcsMy4wNloiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yODAuNTYsNzYuOTFWNDAuNjRoMTMuNzN2NGEyNS44NiwyNS44NiwwLDAsMS0yLjY0LDEwLDExLjMyLDExLjMyLDAsMCwxLDMsNy40cS4xNyw4LjUzLTcuOTEsOC4zN1Y2NS45MWMyLDAsMy0xLjUsMy4wNi00LjQzYTkuMzEsOS4zMSwwLDAsMC0zLjEtNi41NywyNiwyNiwwLDAsMCwyLjQz
<style>a{color:#009a61;text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}.navbar-inverse{background-color:#2a8c70;border-color:#2b7a5c}.navbar-inverse .navbar-nav>li>a{color:#fff;padding-left:6px;padding-right:6px}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#008151}@media(max-width:767px){}@media(max-width:767px){}.tag{display:inline-block;padding:0 8px;color:#017e66;background-color:#e7f2ed;height:24px;line-height:24px;font-weight:400;font-size:13px;text-align:center}.tag[href]:focus,.tag[href]:hover{background-color:#017e66;color:#fff;text-decoration:none}.btn-success{border-color:#4cae4c;background-color:#5cb85c;color:#fff}</style>
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#ffebe9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#fff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body h1{margin:.67em 0;padding-bottom:.3em;font-size:2em;border-bottom:1px solid var(--color-border-muted)}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body h1{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0 !important}.markdown-body>*:last-child{margin-bottom:0 !important}.markdown-body p{margin-top:0;margin-bottom:16px}.markdown-body ::-webkit-calendar-picker-indicator{-webkit-filter:invert(50%);filter:invert(50%)}</style>
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
<!--[if lt IE 9]>
    <script src="/static/js/html5shiv.min.js"></script>
    <script src="/static/js/respond.min.js"></script>
    <![endif]-->
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
<body>
<div class="global-nav mb-50">
 <nav class="navbar navbar-inverse navbar-fixed-top">
 <div class="container nav">
 <div class="visible-xs header-response sf-hidden">
 
 
 
 
 </div>
 <div class="row hidden-xs">
 <div class="col-sm-8 col-md-8 col-lg-8">
 <div class=navbar-header>
 <button type=button class="navbar-toggle collapsed sf-hidden" data-toggle=collapse data-target=#global-navbar>
 
 
 
 
 </button>
 <div class=logo><a class="navbar-brand logo" href=https://forum.butian.net/></a></div>
 </div>
 <div class="collapse navbar-collapse" id=global-navbar>
 <ul class="nav navbar-nav">
 <li><a href=https://forum.butian.net/>首页 <span class=sr-only>(current)</span></a></li>
 
 
 
 <li><a href=https://forum.butian.net/questions>问答</a></li>
 
 
 
 <li><a href=https://forum.butian.net/shop>商城</a></li>
 
 <li><a href=https://forum.butian.net/community>实战攻防技术</a></li>
 <li><a href=https://forum.butian.net/movable>活动</a></li>
 <li><a href=https://forum.butian.net/questions/Play>摸鱼办</a>
 
 </li>
 </ul>
 <form role=search id=top-search-form action=https://forum.butian.net/search method=GET class="navbar-form hidden-sm hidden-xs pull-right">
 <span class="btn btn-link"><span class=sr-only>搜索</span><span class="glyphicon glyphicon-search"></span></span>
 <input type=text name=word id=searchBox class=form-control placeholder value>
 </form>
 </div>
 </div>
 
 </div>
 </div>
 </nav>
</div>
<div class="top-alert mt-60 clearfix text-center">
 <!--[if lt IE 9]>
    <div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>，放学别走，升级完浏览器再说
        <a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
    </div>
    <![endif]-->
 
 </div>
<div class=wrap>
 <div class=container>
 <div class="row mt-10">
 <div class="col-xs-12 col-md-9 main" style=width:100%>
 <div class=widget-article>
 <h3 class="title word-wrap">怒绕三个WAF注入的小故事</h3>
 <ul class=taglist-inline>
 <li class=tagPopup><a class=tag href=https://forum.butian.net/topic/47>渗透测试</a></li>
 </ul>
 <div class="content mt-10">
 <div class="quote mb-20">
 天呢，不知道的以为我在注CIA。
发现漏洞
经典的字符串型盲注，无报错回显。注入单引号*1返回404或500（交替出现，无规律），注入单引号*2正常显示：
由于可能存在混淆情况（前几天就遇到一...
 </div>
 <textarea id=md_view_content style=display:none>天呢，不知道的以为我在注CIA。

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717395765975-fa29f0a2-6c91-430f-a4d1-ea24ba143067.png)

发现漏洞
====

经典的字符串型盲注，无报错回显。注入单引号\*1返回404或500（交替出现，无规律），注入单引号\*2正常显示：

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717393756120-02bf1db1-326e-415e-8e9f-4744b47aef31.png)

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717393452213-b99907cb-057e-4443-9a5b-a9b9a1301e73.png)

由于可能存在混淆情况（前几天就遇到一个模糊搜索导致1-0、1-1回显不同让人以为是注入），用单引号\*3、单引号\*4等再次测试，确定这里存在一个注入点。

第一个WAF
======

开始注入，先使用百用百不腻的' and '1'='1。这个payload有两个作用，一是进一步确定注入是否存在，二是测试WAF是否存在，因为几乎没有WAF会不拦截它。

也是果不其然的拦截了：

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717394296534-8beb827e-87a2-484d-8ab1-0a1a86371241.png)

由于返回的是空包，也不好确定是不是云WAF，先使用最懒的办法，也就是垃圾参数绕过：

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717394457050-4dd2702b-295d-4490-9384-62affd41503e.png)

一发入魂，四千九百多个参数绕过成功，但看返回包很明显还有WAF。

第二个WAF
======

逐个删除敏感关键词，看看这第二个WAF到底拦截了哪些词。

删除=，拦截；删除单引号，正常；删除and，正常。

看来是拦截了'+and，然后换用其它常见关键字测试，'+select拦截，'+union拦截，'+or拦截；而'+if，'+case都可以。试着使用注释/换行代替空格，无效。对于常见函数，substr、substring、sleep自然是全部拦截，但left和right并未拦截。

看来这个WAF主要拦截的是连接词和常用函数（这个之后再说，函数不是简单拦截两个就能让人无计可施的）。使用||代替or，成功（当然，这里也有不用连接词的注法）。

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717395389932-2b8f31a6-b0e5-4902-8f3d-c16f13e73d44.png)

第三个WAF
======

实际上，这个WAF（或者说拦截）我搞了半天才发现。

很显然这个系统过了很多个开发的手，不然我不觉得有点追求的开发会写这么多个过滤拦截在代码里（毕竟这一点都不优雅），被打这么多次就直接上ORM好吗？好的。

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717398991398-748cf8df-7d0a-4527-9e88-ff7909f00da8.png)

言归正传，一开始我认为所有WAF都被绕过了，但碍于这个关键字拦截不好直接上sqlmap跑，于是只能手动注入之。要手注最开始肯定要判断下数据库类型。

使用USER无报错，USER()报错，排除MYSQL。

使用db\_name()报错，排除MSSQL。

使用exp(291)报错，exp(290)不报错，确定当前数据库为Oracle。

确定数据库之后选用payload，由于是只能使用or的盲注，我选择使用1/0也就是除零报错进行盲注。

构造payload为' || 1/(case when 1=1 then 1 else 1 end) || '，使用永真看一下语句是否报错，结果却报错了。

换用if(1=1,1,1)继续尝试，结果还是报错。

理论上用在大多数数据库上都生效的基础语句为什么会报错呢？这实在让人百思不得其解。

由于想了半天（真是打死我也不敢想开发会弄三个WAF来恶心我）想不出个所以然，所以我决定先放开这头，去测试字符串函数。毕竟手注中最能令人信服的证据莫过于注出当前用户名了。

substr、substring就别想了，会被第二个WAF拦截。使用left('a',1)代替字符串，居然还是报错？

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717398181120-3a0b3592-7944-484b-aaaa-594a300d4d1c.png)

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717398212955-2c09c9d1-2367-420c-b813-053d3cecdb0a.png)

**一次报错是我写的不对，次次报错就真的有点问题了。**这下我开始怀疑存在第三个无回显的WAF。

使用'|| 1=1 ||'，居然也报错？

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717398380682-e479e532-6338-47b5-a196-358e5b124b73.png)

那么非常有可能是拦截了=等于号。换用不等于&amp;lt;&amp;gt;进行测试，未报错：

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717398422639-ff466a74-859c-43f4-afdd-3710a759e903.png)

但是对case when套了&amp;lt;&amp;gt;进去，还是报错：

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717398904622-2388901a-473b-4ef3-abd6-0e7c4729b40a.png)

那很有可能是既对=拦截又对case when等条件语句拦截。这下咋办？只能重新找一个函数啦。

几番搜索，找到一个函数INSTR，用于搜索子字符串的出现位置：

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717399330182-061c8afc-2a58-4257-befc-5fbe49d60362.png)

这个函数是可以利用的，只是过程稍微麻烦些。至于如何利用呢——我们做一道小小的数学题即可：

' || 1/(1-INSTR(USER,'a')) || '

由于INSTR会返回整个字符串中子串出现第一次的位置，所以我们只需要同时爆破被减数与子串，即可定位整个用户名字符串：

![](https://cdn.nlark.com/yuque/0/2024/png/32358243/1717400150252-4109dcb4-2cc9-487e-bcb4-b9d14fbcd469.png)</textarea>
 <div id=layer-photos-demo>
 <div id=md_view><div class=markdown-body><p blockindex=0>天呢，不知道的以为我在注CIA。</p>
<p blockindex=1><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAmEAAAJQCAIAAABJsSQUAAAgAElEQVR4AexdeVzM2/unmvaSwkX27drbFFGWbKHrRlKICuGirBER6SYkhISIpJVUqLSopH3RIkWlfd9nqqmm4vf6zvPt/D7fmRpTQuk8f9QzZ87nfM55z+c8789zlucMGIAFI4ARwAhgBDACGAGMAEYAI4ARwAhgBDACGAGMAEYAI4ARwAhgBDACGAGMAEYAI4ARwAhgBDACGAGMAEYAI4ARwAhgBDACGAGMAEYAI4ARwAhgBDACGAGMAEYAI4ARwAhgBDACGAGMAEYAI4ARwAhgBDACGAGMAEYAI4ARwAhgBDACGAGMAEagLyIwkCADBgwgfGKlopayykT4jv38kJNw6f+rqBCsYAQwAhgBjABG4GcgABTEQZeBAwdycHBwsiGQn83MnJycbObn4OCAOvw/MRK0nwEHvgdGACOAEcAIYASILiOiOmAyIqUhbmNQEI0ypHf2sUv5iRUgUGQ/UvHziRHACGAEMAK/GAHEOcCR4MP94jrRB3uBaIFWUSX7lfLLfwVcAYwARgAj8EMQYN+Ud/X2qOSuXthZfiiQk5OTi4uLRCJx04WHLry/QuDW3NzcJBKJi4sLOJLomCIEfnuls58Mp2MEMAIYgT6MQJdsd1fbSSyc9bXEnB3qHBwcXFxcvLy8fHQRFBQcNGjQ4MGDxcTEhg4dOnz48BEdyciORLy7wlzYiBEjhg0bJiYmJiwszMfHRxxxRT4umjElcid8Cy0ljiF32PY+kcj698XfYgQwAhiBPoPAj7a5xIFHpCPOAJiA87i4uAYOHDhgwAASicTHx8fPz8/DwwPeIfEvDw/PoEGDxowZIyUltWDBAim6SBNERkZGSkpKUlJSQkJCUlJSSkpKWlpaRkZGtl3k5OTmzp0rLy8/f/78BQsWKCgoKHZRFBQU5s+fP2/evLlz58rKys6hiwxdpKWl//zzzxEjRnBzc3f4EPDy8goKCvLz8/Py8kIDSSQSBwcHyvyjf5GfUD5qC1YwAhgBjEDfRuBHW0zEizD2yEUXbm5uXl5eAQEB4XYREhISFBTk4+MDCgGnULQjERMTExcXnz59uqKi4urVqzXookmQzXTZsmWLlpaWNl10dHR0dXW3b9+uSxeddoGP27slurq6Ojo62tra27Zt09LS2rx5s6ampoaGhrq6+pIlS2RkZMaNGycqKjqkXcTaZRhdBg8eLCwsLEQXRJnc3NxcXFxEt/JH/zo/qPy+3SVw7TECGAGMAMOYHsPQHzsf2TSvRI5EE4dCQkJDhw4dO3bs1KlTpaSk5Npl3rx5ioqKSkpKysrKKioqf3ckqqqqmpqau3fvPnny5IULF27T5Q5B7Nrl7t279+7du3//vr29/QO63L9/387O7s6dO7a2trdu3bKhy82uC1x469YtW1vb27dv29IFPtrY2Jiamh45ckRHR0dNTW3t/4qKioqysvKSJUvmzZsnIyMjLS0tJSU1Y8aMcePGDR06VERERFBQkJeX90cwZYe/KZs/Ylez4f6FEcAIYAT6PAJEw9ehAWWd+M3LOdsFUSMPDw+4j0OGDBk/fryEhMSCBQs0NTX3tsuxY8fMzc0vXbpkbW1ta2t79+7ddr77///37993dnb28fGJiopKocv79+9T/1dSUlKSkpIS2yUpKSk5OTkpKendu3dxcXFRUVHh4eFhYWFv3rwJDQ0NCQkJ7qKEhoa+efMmLCwsIiIiNjY2Li7u3bt3SUlJ79+/T0lJiYmJCQwMdHV1vXv37vV2uXHjxvXr162srM6fP3/mzJl9+/bt3r17F120tLSUlZWlpaUnT548atSooUOHDho0CIaaSSQSw7xmO6j/v2UTfibiz4F0eEbhY4e/JsrZs0qf7xu4ARgBjEB/RgAZxA7tZlcTubi4+Pj4hIWFRUVFxcTEBg8eLCoqOnz4cHFx8VGjRo0ePXrUqFETJ06Uk5NbtGjR8uXL16xZo6amtmXLlu3bt+/du9fY2Ph8u1y/ft3BwcHZ2dnDw+PFixe+vr6v6OLv7x8QEBAYGBgUFBQSEhIXF5eZmVlaWlpbW9vQ0EClUpuampqbm5voQqVS6+vr6+rqKBRKTU1NdXV1VVVVZWVlRUVFeXl5WVlZaWlpSUlJMV2K6FLYLSktLa2urqbQpba2tpouFRUV+fn5aWlp0dHRwcHBISEhb9++ffPmTXBwcGBgoK+v74sXLzw8PB49enTnzh1ra+tLly4ZGxvv379/+/btWlpa69evV1ZWXrx48fz586WlpadNmzZhwgRxcfGhQ4eKiYkNGzZs1KhRY8eOFRcXHzJkyKBBg4SEhAQEBHh5eTk5OeGRhh8XPd7wEX5T4Neu/r5dyo8eLZhaRtXACkYAI4AR6DMIIEOGdt8zOCuszSLabgE7LmC9CYlEEhYWHjZs2JgxYyZNmjRjxgxJScmFCxeqqqrq6Ojs37//xIkTZmZmly5dunbt2u3btx8+fOjq6vr8+fPXr1+Hh4dH0iU6OjohIeH9+/efPn3KyckpoEt+fn5eXl5Ou+Tl5ZWUlNTW1gIvtrS0tNHlC12+EgRS4NtWurS0tDQ3NzfShUqXBroAp9Z1RSgUSl1dXUNDAxBzc3MzjUZroUt9fX15eXlubm5GRkZmZmZOTk52dnZmZubHjx8/fPiQkpKSmJgYHx8fExMTGRkZHh7+5s0bPz8/Dw8Pd3d3W1vbS5cumZmZnT592tDQcP/+/Xp6etra2mpqakuWLJGVlYXlSDNmzJg8efKYMWOGDh0qKChIIpE6fPgGDhzIRRfYjgI66x/3O79FjxbmyA5/EZyIEcAI9AEEmH0LFiN4DEYTrmVupICAgLi4+J9//rl8+XIVFRU1NTUNDQ0jI6PLly8/ePDAxcXF398/LCwsOjr63bt3aWlp2dnZRUVFVVVVQDPgBQJjNTY2Iv4D1mlpaaHRaMhTbGpqAkJqbW0FCmxra2PmSAJd/o/KwJ1wC1oXBSrT2NjY3C6II1taWpqamurr66uqqmpra4F5KRQKmUyuqampqqqqqKiorKysrq4mk8ngB1dXVxcVFeXk5Hz48CE2NjYsLCwoKOjly5dPnjxxdHS0t7e3tLQ0MDDQ1NRcuXKlgoKCnJyclJTU9OnTJ0+ePHbs2BEjRqA9J2hLDF+7EBfQEvdudunFiOEx6Owj5kjmroFTMAIYgT6GQJc4krilj5OTE5akwpZEWLc5fPjw+fPnr1q1atu2bQYGBkZGRqdPnzYzM7tw4YK9vf2TJ0+CgoJiYmKysrKKiooqKirIZDKNRkOs1dzcTKVSGxoaYHS0rq6usbGxpaUF+O/Lly8oJyhtbW2tra1AbN3jSCinQ6ZElPxNhTVHIt5tbW1lrj80uampCX3V2tpKJpOrqqrKy8sLCwuzs7M/fvyYmJgYGRkZEhLi7+//8uVLd3d3e3v7K1eumJiYGBkZHT58eP/+/To6OqtXr16+fPnChQvnzp0LO14kJCSmT58+iC7CwsIwGAvBDTBH9rG+iquLEcAI/HwE0Mt+Z94ASoecnJycPDw8aEBv4MCBJBJJXFx89uzZq1at2rJly6FDhy5duvT48ePg4ODIyMioqKjo6Oi4uLi0tLTCwsLa2loqldrc3AzMRyQ2IDwYCCX+JQ6fApl19hd5kJ1l6MF05LMikgbvluhBMpArsVFIR3lQSmtrK/ixQL3w0kChUGpra2FKtaKioqio6PPnz2lpaYmJiVFRUUFBQZ6eno8ePbp69aqxsfHu3bu3bdv2119/KSsrL126dOHChbKyslOnTh02bBg/P/+QIUNERET4+Pi4ubl5eHhgjw2wZs96k+jRwmOtP79f4ztiBDACPYMAMmSIC1koQJBCQkKDBw+G6cZp06bJyMisXbtWW1v72LFjFhYWTk5OISEhHz9+LCwshIHEqqoqWM9CpVIRhQAlIKb5psIOvfVyjkR02A0Fjf7CHGpDQwOsQqqsrCwtLc3NzU1PT09MTHz79u2zZ8/u3r178eLFM2fOnDx58uj
<h1 blockindex=2>发现漏洞</h1>
<p blockindex=3>经典的字符串型盲注，无报错回显。注入单引号*1返回404或500（交替出现，无规律），注入单引号*2正常显示：</p>
<p blockindex=4><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABTIAAAEWCAIAAADaQP8wAAAgAElEQVR4AeydB1gU197/933e980/uW/ITSL3pqjJJrEGe0vRG0yzxMTE2JJ71cR2vcZEYxQrgqBgVFQUu1gwKvaGIGjs2ABREVCkiaLUhaUsy8LC+YtHDsPO7DALw7Lsfs/DA2fP+Z32mRmYDzM7qyD8VHxti+vBhOrliYmJrKC4uPTrr7dNn36spERPC3NziwYM2JKXp7Wzc/b2vjB8+I7y8nJCSJMmrgqFE/168UUXGqxQONGGBQU6Oztn1i0/wx+IEKJQOLFIg3xWViGrqkVGqVTWohWagAAIgAAIgEB9E/jPxF8WL12x98DRY0F/njpzMfRSxJWwGxGR0ddv3r5xKy4q+m50bELMnaTYuOTYuORS0aRSqWlYbFyyKidPNLbUhHWJnjz89a/z0tML+L01aeKqUmkIISqVpkkTVxpg8MedteKW00JjpxmCTfjNWRg3IxgmfaDmzT2OHo3R6fSnTyc0a7aQ9czvllvCzbMm4pnw8PCPPvqoR48eu3bt+vzzz2lwt27dcnNzCSFqtbp79+7iPaAWBEAABEDAcggoKqdSEH81Noe+KLy6ccGR5MoK+tNAy5csOTtkyPb4+GwW5ei47tdfj3bvvuqZZ2ZNnHiQlr/88tM/tyyM69V5edqXXnrq6twAli8uLuUPxP3TZSzPejApAy03CReCQQAEQAAEzEbAUrVc6slDr15r9u2LYrgOH46m+ZdfdlWrtU80UlsLLRc/zeCechjk2Uz4Ge6pxZ9/xrN50n8fcOO5kSy/adPVVq2WPPvs7Natl7DmgqOzJoK13IHE835+fq6uT/+jMXTo0NDQUEJIWFjY8OHDxRuiFgRAAARAwHIIMC1POeYbmJRfXKrLuXPU2313tK76HJmW5+VpnZyOaTQlOTlFjo7r7t176vKLFp1+5plZSUmqF16Yd+LEXdp62LAdEycezMkpSkvLnz79GC185plZAQGxRUUlnp6nBw7cWn2cqleCAxUU6BQKp6KiEkJIUVGJQuFE/5xrtaWsvKoLU3L37t1TKpWxsbGmNEIsCIAACIAACJiDgKVqudSTh+3br7399qLw8AeFhboDB279/vsZSm3ECP85c47n5xc7OwePGOFPCCksrPpDT/+40z/0hJC//GVOZGRqYaHO3f0kbc4/zTCpOX/L0VMLjabiNOPmzUfffutn6kBvvunp6Xn68OHoyMhUNnP+5I2dz/CnZKxkypQpGo0mNDS0R48eCQlP73HctWvXiBEjMjMzx48f7+9fwRMJBEAABECgURBgWk40yWf/WLnQxWXBsi3H7+ZV3ILOTUzL6R3pt26lrVhxnuZpWFRU2k8/VVwkHzVqN7u5PSOjYNAgPzs7ZwcHrxs3HtHIX389umpV6PPPO/fsuSY5+anVc8eiecGBaGHfvr6EkAEDttCXixadphmFwmnSpEPcrkaNGsV9aSzv5+enrEw+Pj7GwlAOAiAAAiAAAg1CwFK1XOrJAyFk+fLzzZotfOGFeRMmHGDnCZmZhf37b7azcx4wYAt9J5rgH3rK3N39pJ2d8xtveJw8+fS///zTDJOa8zdlx47L2RmFQuH04497aIz0gWbMCHR2Dt616/qKFedHjvQfO3af4ORF5inx1GXOnDmtW7d2dHQMCQlhC9Hr9VOnTm3duvXkyZP1+qfvNGS1yIAACIAACFgsgSotF58i03LxMNSCAAiAAAiAAAjITsBitVx8pTZ48tCkiev+/VFFRSVabWlAQKy9/XxxRKgFARAAARAAgYp3M0mkUK9/Wbn/maZ5ibNCGAiAAAiAAAjYAgFoeWPZygcP3urUacWzz862s3Pu0WNVcHBcY5k55gkCIAACINCABCxCyxtw/RgaBEAABEAABCyfALTc8rcRZggCIAACIAACtSYALa81OjQEARAAARAAATMRgJabCTSGAQEQAAEQAIGGIAAtbwjqGBMEQAAEQAAETCEALTeFFmJBAARAAARAoJERgJY3sg2G6YIACIAACNggAWi5DW50LBkEQAAEQMB2CEDLrWdbh4eHf/fdd2ZYj16vX7t2rRkGwhDWSmDt2rX45B7BjWu2o1hwdOmF+CUgnZUskWvXroWWy0ISnYAACIAACICAZRLganmZKjpos5f7PBfPDcEJRdXny57E3revr0LhNGDAFkKIo+M6hcKpZ8811WPlfJWeXvDMM7MyMgrk7LS2ff38889KpXLlypWEkGvXrimVyp9//rkWnQ0dOpTbKjAwcMqUKT179qyxkBvAz48dO9bf35+WDx8+vPKD2JVdu3blB7MSvV7/22+/tWnT5pdffpFoSm5ubklJSYQQpVLZrVu3oKAgpVLp5eX166+/KpVK1rPBMlm5YMbLy+vrr78WrKp74ZAhQ5RK5fLly5/stI5KpZLS/s9//sMojR49WmQglUp1+vTpYcOGcWOko5Meye2f5mWBHBgY2Lt377Zt23p6enKHyM7O7t69O7ekjnmJAyUmJrq7u0scKysrq2XLltnZ2RLjuWGCBxc3gObFIXPjZ82axd9R6eE2ZMiQuLg4ukdxm5h0INR4FJ89e7Zv375t2rT59ttv4+KePuF51KhRbE/u0aMHd3SDvGBzQoixDWfQnL1kvwQE184mQ39LMCb8I07wlyo9YPv378+GMzUjst25m2P9+vVffPGFqZ1z47dt29apU6evvvpq2bJl3HIpeZNGT0xMtGAtl3TyQAgJDo5r337Z//t/s5VKz1mzgqRQMk/MP/7RMP9oFtlRzbNwjAICIAACIGA5BKq0XH8/eOXqw1GPCktKk0/5X0yrPkem5YWFOoXCqbBQRwjRaEpYvnq4bK+2bg2fMuXItm0RsvVIyIwZgbXrraioSKlUTpw4kRDyxx9/KJVKjUZTi65ycnK4rSIiIjZt2sQVWkKIYCG3lUE+Pj6+R48eOl3FdiGEbN++3SDA2Mvdu3d///33GRkZEyZM2LFjh7EwVh4ZGTl9+nT6cvPmzdu2bSsvLx8wYIBOp0tKSjp06BCLNFgmKxfM7Nixw4CAYFjtCumG69Onj16vp3m64dzc3DQajVKpLC4uXrRokUjnx44d+/TTTw1mKB2d9Ej+HOoOOSIiYsCAAdHR0Vqt9qeffmJDlJeX//jjjwaLYrW1yJg00PTp0yMjI6WMsm/fPjc3t/3790sJNoiReByJQ+b2uWHDBj4xulPRQ2Dw4MHstyVtyD8QjO1sUo7ifv36ZWRkFBYWLlu2rG/fvnSIOXPmFBYWEkJ0Ot3hw4e5EzbICzY3tuEM2rKX3F8CgmvPz89XKpV5eXmEkIKCApbnH3G0ucEvVe5BygY1KSOy3bmb48iRI/ytKX2giIgIR0fHhISEmJiYf/7zn9Ib0khTR7dYLZd48hATk9606cILF5I1mpLdu284Oq4zlVjd44399c/Ors2f8rrPR2RHrXvn6AEEQAAEQKBxEWBaXnLLf8nRpHL+7O/dU5n6lZiokuUrISFblq+SklJZvuJlSikypWKZUo5MSS9TSpMp8Xfmhi3RypTkWkWhTKlIpiTXuuTqR6bDPf6BTEmudeXKlGTa7LJ1I9OvH32JTKlcphR16zbd9Jaq5UZPHui02X+pRo709/G5yHZjL69zLG+eTHR0+quvGt6ko9eX5eYWNexHi9flf0PmQYdRQAAEQAAEzECAafn9wEVbzkUdX+fhumD5jstpJWxsU5383j15nDwxUSWLkyckZMvi5CUlpXKdpqfIlGSy8mKZrDxHrtPiNJkS24ctJCOTlWvlWo5MVl4ol1fJtS65+pHreJfJyh/ItS6ZrDxXru0uVz9y/f6RycpLZLLycovXcqMnD3SPZVr+1luLUlJy+btxbm7R119ve+GFeV9+uSUnp+L9c126eL/yitutW2nvvutlZ+fs5nbSWCEhJDe3aPDg7XZ2zh9+uDouLpP2r9GUTJp06JVX3Ozt569Zc4kQMnNmoELhxL7YNFxcQuzsnBUKJ1ZC+5QyJdpk1KhR3LbG8kV
<p blockindex=5><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABNUAAAEMCAIAAABsvRcFAAAgAElEQVR4AeydCVQUx9r355z73by5SUhuEvLF+0VjJ8ElQlxxTy6Jvopo4hLXG5EYwSjqjStqFEVQXBJcERVcUaMoCO47rlGj4IaIgIBsyg7NMgODaH1OipRtT08zQIMD/OvMgeqnntp+VT3d/+nqbhWpdlCpXKpTRjWzG6r66dOnHMcZSoUdBEAABEAABF4igfHO/13268q9+w4ePno69Oyl3y+H/3HtVviNyJu37926ExMRGRsZFXc3OiEq5kFUzIPHsiEnh6duUTEPcnLzZX0fV9TlR2FhqTI+8fHxNHXUqN3e3peYp5fXeRY3MhIZmd6okYeRzvpuxmevidMMydqrWZGzs/OlS8+R0i63bds2NzeXEFJcXNyuXTt9DrCAAAiAQJ0joFKpXFQql+HDd+7YcZ3GCSEqlYulpZe39yWVyuXQoaiePX3pt2penmbw4O1mZq7duq2NicmkvVWpXEJD73/wwSILi2V//JFkCIFkRbSusLCUTz/99bXX5vz88zFCyJ49t1q18nrjDdfMzKKOHdd067aWleng4MDiFUagPytEBAcQAAEQAIGXQsBU9WdC+MUbZ/xXLnJz/8XvUFTeUxEcpj8/+mhJUlKeKJUQkpenGTBg25tvzvv66y25uRpCSPv2q95/3/3OnbRWrbzMzFzd3U89U1OzZh2hZwXsxIMWpX+aUans+u2hpxn6diMrIoSEhaW0b7/q1Vd/trT0srff3bz5L4Yar1K5iM5naL1Gnrp07tz54MGD1tbWPXr0uHv3Ls3722+/OTg4pKam7tu3LyAgQL8jsIAACIBAnSOg4vni/v237tp1s6hI6+Z28tlfQsimTVe9vS9ptWUdOqwuLn4cGnr/2LFoQsgPP+wNCYksKdFZevXyo71VqVxWrrxQWKj19r70+ec+hhBIVkQPDBs2XElLK/j99wevvvozISQzs+j8+XiVymXDhiuPHuUfOFD+LWyoZEN26E9DZGAHARAAARB4uQRMVX8mXgg8F51ZqNXmxx/3cfe/oX4RE9Off//7bK227MVE3ZaTU+DUqQfz84tnzDg8ZsxeQsjly4kqlcvy5edTU/lr15L/8Y85LJf+BUP90wzjswsFrVDW6tcieT5jqKJmzZYFB9/h+eKgoIgmTTwfP35C269fLD1vEZ7PsJ4aE7GwsPD29i4sLPT19R0xYgTNotFopk2bNn78+P/85z8ajU7PI4AACIBAXSegIoSUlDweMGDbjBmHS0vLjyV5eZp+/bbk5xebmbmuWnVx+PCdT5/qfgR991039v3+z3/Op51XqVxoxsJCrZmZqwwR/YpEP0wKv81VKpesrCKZ0ipMgv6sEBEcQAAEQAAEXgoBU9WfAhgl17e4BccJDIQQpj/femteenrhi4m6rXffdcvJ0YnWnBz1u++6UQfRwZ3lEtqp0dBphmQW/ezMTRiRdDO+oiZNPA8evKvVlp05E9e48SJWsn6xQoswzrLIR6ysrIqKdKc9Go2mVatW1HnatGnXr18nhPj4+EyfPl2+BKSCAAiAQJ0gUK4/f/nl3JAh2+/fz2aNtrFZP2XKwY4d17zyymxn52Bqf+ed8uMKcxMKyPz84rffLhelQgcWLyl5rF+R8DvaUJyVUKkI9GelcMEZBEAABECg1giYqv4svH81Sne7ISGk6KrfwgMPXiTC9Ofnn/sEBkawxP37I2n8nXfceL6YEMLzxVXQn/KnGcJTDlGctUQ/Ijy1OH36Pmsn1clCf6Eni2/ceLV5819effXnFi1+Ydkla2dZJFOFFUnGe/fuHRMTQwjJz89v37499bG0tCwu1vFUq9VMlEpmhxEEQAAE6goBVX5+sYvLYbW6NDdXY2OzPjGx/LizZMmZV16ZnZCQ8+ab806ejKX9GTZsp7NzcG6uJi2tYMaMw9T4yiuzDx2K0mhKFy8+07//VkM9l6yosFCrUrloNKV//uBXqlK50ONWcfFjZjdUoLw9MTGR47ioqCh5N6SCAAiAAAiAQO0TMFX9mXR405GEgpLH2tzog6s8AiJ19+QIAtOf27df//jjJWFhKUVF2n377ixdepZ62dvvnjPnWEFBiavrcXv73ToZW/T8QE8P7vRATwh57bU5N26kFhVpPTx0N4USQvRPMyqVnRYi/KvR6E4t1Grdacbt24++/dafphpfUdOmixcvPrN/f+SNG6ms5fqNN3Q+I2yMfHzFihXjxo3jed7Pz2/ChAnUuV+/fuvXr9doNNu3b+/Xr598CUgFARAAgTpBoPz5Q3fupK1ceUF4v0RERNqECbrLng4OAWxdbkZG4aBB/mZmrpaWXrduPaI9nDLl4Jo1v7/xhmv37j4PHpTLV/3O08JFFVGjre2mZ7f49+u3hW4uWXKGRp4twZ04MURYlJE38fv7+3N/BW9vb2EJiIMACIAACIDASydgqvqTqB+c27F60fz5C5dvORabb/D5Q4SQFSsuNG686M03540bt4+dJ2RmFtnZbTYzc+3Xbwu9iUbyQE/5e3icMjNz/fBDz1Onyn/m1j/NqFR2/WFt02YFO6NQqVxGj95DfYyvaObMI66ux3fturly5YVRo3Y7OgZKNl6mnUaeuhQVFY0dO7ZFixbDhg1LS0ujtcTFxQ0ZMuTTTz8dMGBAdLTuSRwIIAACIFDXCejW3yKAAAiAAAiAAAjUJgGT1Z/yENj1T3m3+pT67rtuQUERGk1pcfHjQ4eizM0X1KfeoS8gAAIgUPsEakR/Cn9rpPHa7xhqBAEQAAEQAAGTJQD9abJDI2pYcPCdtm1Xvvrqz2Zmrp06rTl+XHeLJgIIgAAIgECVCdSI/qxya5ARBEAABEAABBoCAejPhjDK6CMIgAAIgIA+AehPfSawgAAIgAAIgEDNEoD+rFm+KB0EQAAEQMBUCUB/murIoF0gAAIgAAL1lwD0Z/0dW/QMBEAABEBAjgD0pxwdpIEACIAACIBATRCA/qwJqigTBEAABEDA9AlAf5ruGIWFhY0YMaIW2ldWVrZu3bpaqAhV1FcC69atKysrq6+9q06/am0vrk4jCSH4EqgmwMpmX7duHfRnZaHBHwRAAARAoH4QUNnablKpXPr120IIsbFZr1K5dO/uU3N9S08vfOWV2RkZhTVXhfElT5o0ieO41atXE0KuX7/OcdykSZOMz848hw4dyuKEkCNHjkyePLl79+4VGoUO+nFHR8fdu3Uv7yaEDB8+/K8XmnIdOnTQd2aWsrKyadOmtWzZ8r///a+RksDd3T0hIYEQwnGctbX10aNHOY7z8vKaMmUKx3GsZFE3mV0y4uXlNWDAAMmk6huHDBnCcdyKFSv+nLQ2HMdR2uPHj2eUfvjhB5mKcnJyzpw5M2zYMKGP8eiM9xSWT+OKQD5y5MiXX3756aefLl68WFhFdnZ2x44dhZZqxo2sKD4+3sPDw8i6srKymjVrlp2dbaS/0E1y5xI60Lg8ZKH/7Nmz9Scq3d2GDBkSExNDZ5QwS6V2hAr34nPnztna2rZs2fLbb7+NiSl/rqaDgwObyZ06dRLWLopLZqffQpIzRJSdbbIvAcm+s8bQbwnGRH+Pk/xSpTusnZ0dq66yEZlxFw7Hhg0b+vbtW9nChf7btm1r27btN998s3z5cqHdmHilao+Pjzdh/fkkJ/LoZi+PefMX+x6P07zYeeH7V44fj/nss+X/8z8/c9zi2bOPvuj4Mre++OLl/KIqM1FfJg7UDQIgAAImRkBVVKRVqVyKirSEELW6lMVrqJ1bt4ZNnnxg27ZwBcufOfNI1UrTaDQcxzk7OxNCduzYwXGcWq2uQlG5ubnCXOHh4Rs3bhQqN0KIpFGYSxS/f/9+p06dtFrduBBCtm/fLnIwtBkQEPCf//wnIyNj3LhxO3fuNOTG7Ddu3JgxYwbd3Lx587Zt254+fdqvXz+tVpuQkBASEsI8Rd1kdsnIzp07RQQk3apmpAPXu3fvsrIyGqcD5+7urlarOY4rKSlZsmSJTOGHDx/u2bOnqIX
<p blockindex=6>由于可能存在混淆情况（前几天就遇到一个模糊搜索导致1-0、1-1回显不同让人以为是注入），用单引号*3、单引号*4等再次测试，确定这里存在一个注入点。</p>
<h1 blockindex=7>第一个WAF</h1>
<p blockindex=8>开始注入，先使用百用百不腻的' and '1'='1。这个payload有两个作用，一是进一步确定注入是否存在，二是测试WAF是否存在，因为几乎没有WAF会不拦截它。</p>
<p blockindex=9>也是果不其然的拦截了：</p>
<p blockindex=10><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABU0AAAF8CAIAAAB0bQ0ZAAAgAElEQVR4Ae3de4xc92HYewYIAqRIDNdpEyD/VAgSwLIKFI0RNzdBk+A2hdPrXve6F02R1G1apzew4zj39ja+ZSJLpF7U27QsSlFIPS2bkihTJimJomySIiVSJCWapMh9c2eXj+VztcvlQySXS3JuyTF353H2N2d3fzNzZuZzMBBnzjlzzu98zpnVfDm7y3lv7Bx0I0CAAAECBFpbYCI4jYyMdfUOFm4jo6eD6060NpSjI0CAAAECLSAw74e7D7kRIECAAAECrS0QTvcZdX5rQzk6AgQIECDQAgLzNuw94kaAAAECBAi0tkDEzm9tKEdHgAABAgRaQGDevHmf+Kmf+gU3AgQIECBAoCUF5s37xLx5n4jY+YUNtqSVgyJAgAABAq0hMC8/hymXy83h2Z5KgAABAgQIzF7g0ceeWL3m1VdfXbtq9Zrvv7LqpRUrX3jp+y+89PLyF1d874UVy198+aWXf/DKqldXv7r29Td+GLHzZz/i68/05mGOgJ5OgAABAgSqCuj8qkRWIECAAAECWRR49LEnOjo7jx47cWjoyMDBQ/tzg739Az39A937+7t6+7v35/YPHjxw+OjQsRPHh0d0fhZPoTERIECAAIHaCOj82rjaKgECBAgQqLHAo489sa+jY/TU6eMnhw8OHd0/cLCnf7B7/0Bnb/++7v2dvbn+A0NDxz8cPnXmzPnxTHX+mIkAAQIECBCopcBcO7+7+0jK24FIU0d3X5Tb4UjToUjTtvf3Rbl9sLcjyi3SYR1av2lrlNu77+2OcuuPNA1EmkYjTZ2dXVFukV4WhyPxDMQaz0ikaeeezii3c5Gmi5Gmjp6BSLdcR0+EW75Fp33d/VFuG97evuHt7fl8XufX8g2SbRMgQIAAgSYW0Plz7YhYPRwl8re9vy9K5H+wtyPWcUWJ/PWbtkaJ/Hff2x0p8/tjdWykzB+NEvmdnV1zfT3ceH4snxvbm+ufkTJ/JErk79zTGSnzz0XK/IuRIn8gSuR39LTsb36JEvn7uvt1fhO/7TJ0AgQIECBQF4EqnX/l3PCBvl3rlq3uzCdMuVwu5Yf53d1HIn2cfyDKh/kd3X1z7YYbz4/Vwzo//DcCOj/8NwI6/8YrMvlPnR/+GwGdn/B/uBrMqk/n33XPvQ3/vv2qbx7GTAQIECBAgEAtBap0/vmOVUsW33Pr/OU6P7keDh/W+WGBcL2nX6rzdf50r8E083W+zs9nYKpD57/6xpu/87u/9/Irqxr78/lV3zzU8o2NbRMgQIAAAQJjVTo/f23qWK7zpy+JcOWmX+rz/HDz63ydP/2rsPoSna/zr//vrMH/qUPn/z//73//nd/9vf/0J/+5sZ1f9c3DmIkAAQIECBCopUCazu/U+YGMSF/y4TV1vs4Pl3x4qe/bD7xIDx8+rPN1fj4DU607f8Omt7/wb//P3/nd3/ut3/rtl76/qtG/bz/05qGWb2xsmwABAgQIEEj1eX7of9V+Pj9c7+mX6nydHy758FKdr/PDJR9e6ufz83WZat3599x732Tn/4cv/ked710eAQIECBBoWwGf54froPrS9CUfXlPn6/xwyYeX6vzwa9Xn+To/n4Gppp2/4/0f//lX/2Ky83/jNz7z8iur+w8MDR3/cPjUmTPnxyeC08jIWFfvYOE2Mno6uO5EOsvQhwRt+67LgRMgQIAAgfoI6PxwHVRfGq739Et1vs4Pl3x4qc4Pv1Z1vs7PZ2Cqaef/3bInyzr/j/74izq/Pu+l7IUAAQIECGRNoHrnXx55+/H5SzYeG7+aL5/8u3qH/b79an+TEa739Ev9Hj6dHy758FKdr/PL/wfWiMc17fyDQ0f3Dxzs6R/s3j/Q8H9XL5/Ph988jJkIECBAgACBWgpU6fyz25fNvzE9umk4XzrpfJ1fLfMPpS/58Jo6X+eHSz68VOfr/NL/fTXmUft0ftU3D2MmAgQIECBAoJYCVTo/H5x0vs7X+QNzm8L1nn6p79vX+eGSDy/1e/iC/6+LtrB9Oj9MlsvlxkwECBAgQIBALQV0frgOqi+tGropV/Dz+T7PT1/1lWvq/PBr1ef5Oj+fgUnnF06Czq/l+zrbJkCAAAEC1wR0frgOqi9NmfFVV9P5Or+y3tPP0fnh16rO1/n5DEzRO//Z576bGxg4d+6j02fOnPxw5NDQ0f7BQxn5+fyAt86/9v7LRIAAAQIEaimg88N1UH1p1YBPuYLO1/npq75yTZ0ffq3qfJ2fz8AUvfN/83/57cLtt377n//+v/zsn//FX65Y+Urf/sH+A4c6evo7e3MN/X3704rr/Fq+r7NtAgQIECBwTUDnh+ug+tKUGV91NZ2v8yvrPf0cnR9+rep8nZ/PwBS983/rt//57/7ev/jsH3zu8//m3/67P/yjL/6n//LlP//a0qeee/HlV3r7B/cPHsps52fgbBgCAQIECBBoZQGdH66D6kurBnzKFXS+zk9f9ZVr6vzwa1Xn6/ws/J88euf/r//iX/7rz/8ff/Qf/tOX/vTP/vwv/u///lfzb/3Gwoe++e1nvvPC88tX7N7bffjoiaHjHw6fOnPm/PhEcBoZGevqHSzcRkZPB9edmCNmLpeb4xY8nQABAgQIEAgL6PxwHVRfmjLjq66m83V+Zb2nn6Pzw69Vna/zw/8vrM/S6J3/v33uf/+j//Af/+Iv/9vX/8etC+645/4HFz/y6BNLn3zu+e+tePHlVd//wWu9/QeOD5/S+fU5v/ZCgAABAgSyI1Cl8ydO7Hpl6QMLb1uw6JHn3z54oWzcuVxuaOhUytvhw2NRbmPRprNjYxFuByNNxyJNg5GmcDWlX3o10pQ3BQXGI03BncxgYaThjM9gl1Yl0DYCH46c+nDkVD6f/8K//Xd/9uWv3r7w7vsfXPzY48ueeW75Syt+sOa1N3+04e1N72xf++bGN3648djJkQ/Hzvo8v22uDgdKgAABAgSuCYQ7/+TGF1/dP3px4tLpwY1Lb3/4R8dL0XT+2NjZg5GmSJl/LFLmD6Yv+fCakTL/auml51G5QNa6OmvjKffymEAzC0x2/h/98X/871+f/61H//apZ7674vur167bsGnztvfe/2D3B9179vXu2duzYdPWHTs/GDv7kc5v5hNu7AQIECBAYMYC4c4/uHbZj44Wtnlp97MLVu4v3b7O1/nhyD98+LDOL33R1OpR1ro6a+OplbvtEmiEwGTn/5cv/V8L71z0/PdWrH71zQ1vbd3y7s7t7+3Zuauj0Pl7O/p2fdC9ect7R44Pn73g5/MbcarskwABAgQINEgg3PlTg7p65M0nXum7NDXj2j2dr/N1fulromGPstbVWRtPw06MHROogcBk53/5K1+7/8HFK1aueW3t+sTO7+jqf39XxwedvTq/BufBJgkQIECAQHYF0nX+5ZPvv7nl8MXyw9D5Ol/nl78qGvQ4a12dtfE06LTYLYGaCMyo8zu6cx909HX1DoZ/hb7ft1+TU2WjBAgQIECgQQIpOv/ySP/uvuGkf0ZH5+t8nd+gV275brPW1VkbT7mXxwSaWWBGnd/ZM1D41/J0fjOfc2MnQIAAAQIzE6jW+ZdPDXYdOnP9l6Bd+fDDa7/et2jS+Tpf5xe9IBp5N2tdnbXxNPLc2DeB2AI6P7ao7REgQIAAgVYTCHf+hRMDR88VDnli5P01bx0uPXydr/N1fulromGPstbVWRtPw06MHROogYDOrwGqTRIgQIAAgZYSCHd+5/L5RdPSbWdLj13n63ydX/qaaNijrHV11sbTsBNjxwRqIKDza4BqkwQIECBAoKUEwp1f5VB1vs7X+VVeJPVanLWuztp46nUe7IdAPQR0fj2U7YMAAQIECDSzgM4/OzY2p9vBSNOxSNNgpKlqwKdc4WqkqZlfZfUYe9a6Omvjqcc5sA8C9RLQ+fWSth8CBAgQINCsAjp/TpHv8/yqtR8p86//KshmfZXVY9xZ6+qsjace58A+CNRLQOfXS9p+CBAgQIBAswrofJ2f/A
<p blockindex=11>由于返回的是空包，也不好确定是不是云WAF，先使用最懒的办法，也就是垃圾参数绕过：</p>
<p blockindex=12><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABTIAAAKaCAIAAACC2jEOAAAgAElEQVR4AeydCViTx/b/0+fp7U9r8Xq1t63d/ilqRUKLWKXWcl1alVJFa1WsFq2AllJbq1UQlFVEXIKKSIu4IKKgUFlUEBTcwJVVQHZBQQxbICEbLyTM3zh0fElCDBA10pOHJ/e8Z86cOfMJvfjNOzMvA2njFRaWyWKxX3nF+Y03vLy9k3HKjIwqY+MdtbUCBsORDDJgwAaBgEIIcbkiPT1X4sdGenqVjU2kJk6FGCsrKwWPmkuGJ0NNKzQBASAABIAAEHgGBAICg/Ly8xub+DV19ffuPygtv1dUVlFYWn67uCyvsPR28Z2yu/fv1zTUNzU3i6k2tS8ul1dQXIF/uI18tbFtvZzanTt3eE/t9fXXX6ekpDy19JAYCAABIAAEgICOEtCOQJ01K6SwsLatTZaby3n55XUIIYGAmjnzIIfTjBCiy3JT091bt15oahI7OycoyHKKkjo5xfP5EkR7qXTS2ntigizvCTXoAwSAABAAAlolALKcBy8gAASAABAAAkDgEQHtyHKZrD0qKtfWNtLUdDcW4V5e56qr+ejRiy7L09Iq9PV9hw713rv3uqEhGwcghFpa2kJDMySSTt/iq3SSLj02QJb3GB10BAJAAAgAAW0ROBR65E55uVAo4jc31zVwK+8/KKuo/IffLefBCwgAASAABIDAP5KAdmS5nV3UnDmhUVG52dnVWIQzGI4KPyEh6Yj2Cgi48uuvsdhBUdLo6DyZrB0hVFJSr8ZJS9BzE2R5z9lBTyAABIAAENASgfGffY5/Jnz+v6nTzH/+ZWXkieiS0oqyu5X5RWX/zEXsPHgBASAABIAAEPhHEtCOLB840C0n54FQSKWmVrz0klNw8HX090sgoBgMx+bmFuxYtChcIKCSk0uHDvUuLKzFzvPny9rb5ZpcLG51cIhW4/w7a8//t6yxjOHJyKnJUZ9iypQplpaW6mOgFQgAASAABIBAjwlM+Px/kyZ/af7VjFmzv51vtdB6ic1PP/8afCD0WFR0cVlFaUWlzu4t7/GUoSMQAAJAAAgAASCgkoB2ZPm2bRcHDXJ/+23v2Nh8c/P9U6cG48FiYvLJPfNr1+4hhOztT/Tr5zJs2JaYmHxSEIlhMBzNzAKxX6WTdFEwNDzyLeBGAMOTgX+8L3krJKFf5ufnjxs3ju4BGwgAASAABICAFgl88eW0mbO+Wfj9Elu7H3/+5bc1a503uHqyd+wOORwRFh6ZnVtY9aBWN4980yIESAUEgAAQAAJAAAjIj2MDCioJsNnszMxMlU3gBAJAAAgAASDQewJfz7Bc+P3iX1audly3wcPLZ+v2nf4BQcH7Q8OORh6Liv0r5nRx2d2a+iYdPIm993Pv8xnS09O/++67Pj9NmCAQAAJAAAhoiwDIcm2RhDxAAAgAASAABLpBYM6383/8aYW756at23cG/rEvJDT8eGTMydNJ51IuX0y9npB0/szZ85w6bgNP8IwfkNZWmxUdvM3TzWOzf9jle50ej4IQunPnDplkQUHthAl7BgzYYGy8Y8WKGOJ/0Y358+f3cgp2dnYRERE4CZfLPX/+vCbL+oqLi+fNm2dgYGBubp6e3nEij1Qq/f333w0MDH799VepVKqmMM0HUpMEmoAAEAACQOC5EABZ/lyww6BAAAgAASDwTyewcNHiNY7OuwL+PBByJPKvuITElIuXrt1Mv5V9qzAnrzgntyjl4pUbGbd4AtGzleV154+dKm1saWvlV5wPdvc7V9P5g6LL8jFjdv31V65E0nbt2j0jI7/OgS/wVWNjY2+qLy0tNTU1pSgKJzl9+vSXX37JZDKfmHPFihWVlZUikWjnzp2TJ0/G8ceOHVu4cGFtba29vf2RI0fUJNF8IDVJoAkIAAEgAASeCwGQ5c8FOwwKBIAAEAAC/3QCNrbLPTduDjsaGXcqKeXClbSrGddv5mRk5WNZnptfknWr8FLazeqaeoGEalP74nJ5BcUV+IfbyFcb2+lBpKo+g3sJ+849wA2t2Yc8TpR2DqLL8gEDNlRV8XD7iRN5nQNfyCupVMrn8y9dutSb6teuXfvHH3/QM7S3t2siy8kddZFIxGKxcIYFCxZcvnwZIZSenj5v3jx6WmVbw4GUO4IHCAABIAAEni8BkOXPlz+MDgSAABAAAv9QAj85/Lp1+87IEydPJySrlOX5BWXpWfm3bhc/W1n++ONor04Kii5pfeyQW3RZbmsbOWzYlr/+ysWPU8GBTU3iuXMP6+m5Tpiwp7i4DiF0/HiOoSH7tddc6+qE48btnjBhj/xsm0cPUs3OrkYIsVhs/HRVhJCG3fFYS5Ys6VydiquZM2eOHTu2uLh42rRpLBbL398fB+Xm5s6cOXPkyJHTp09ftWrVlClTEEI7duxgsVh0Ca2yO/PR65dffomJicE2GZjD4ZiYmDQ3NxMPNug5FZqUL3Nzcx0dHbF/7Nix+O49j8cbO3ascrCCp1sDKfSFSyAABIAAEHheBECWPy/yMC4QAAJAAAj8owloIsvzC+/cyi8pKK5QfwNcq3fL//5QpHXpSWlVHY83/dvZWZbLZO2BgVf/+1/P8eMDqqv5OMjGJjImJr+lpS0lpXTaNPmTWerqhJcu3WEwHIOCrj14wI+Lu40Qysy8/+23objLkSNZFy92bFnXsPvjgp5kZWZmMpnMffv2cTicW7duGRgY4B6TJ09OTExsbm5OSEj47LPPyLZtqVRKV7Yquzc3Ny9btiwuLg4vOBeJRKQKn0cvckkMek7iVGm0trb6+voKBALcOnz4cFybVCodMWKEyi50p+YD0XuBDQSAABAAAs+XQLdleVFRnb6+b1FRnaEh+9mXrvnoRQ1F+v76RQ1FhoGG6uvUPFJ9HmgFAkAACAABIKA5AU1k+e2icrw0/VnLcim3LLukXtWCd/rdcrFYfiu9ubll7tzDX365F899yBAP8ojTQYPcCRAGw7G+XkguEUJffbU/NbVCJGr97bc44te8O+nyRIOuVIn92WefJScnt7a2Xr16dfz48fQkJAY76ZfEpihq+fLlPj4+bW2PMfH5fBMTEw6HQ8+mnES5lXgoijpx4kRLy+OvQ8aOHdvU1IQQ4vF4mjy6lVRIcoIBBIAAEAACuk+g27LcxeVMUNA1/K7J9GprBW+9tZFEVlfzJ08O6t9/vaVliEDQcRpKXh7HzCywf//1RkZ+qakVOPjMmaKPPvLr33/9Z5/tycvr+Aun+eguyS5BGUH4nYxeJ6qLL4mfGDKReBBCKiPpAWADASAABIAAENA6Ad2V5dKmioLK5nb5jGUNDXJFSHvRZbm3dzJuaWoSv/rqemwPHuzB5T6+e0y6kmXqxHPqVMGwYVtsbCJTUh5vYNe8O8nzRIOuVIl97NixKVOmjBw58osvvkhLS6MnITHYSb8kNkVRe/fudXBwuHv3LukbGBhIFp8Tp3IShSZy2drampiYKJPJEEIVFR3/HJo/fz4u7+bNmwsWLCDBXRmkwq4CwA8EgAAQAAI6SKDbstzPT34OCn5/4nza29stLA7Q/xJbWR1xc0vi8yWOjqc9PM7iDFZWR8rLuUIh5eFxdsSIrdj58cc7HjzgNze3uLklkfNdNR/d76r8SFj8Tuo8nn/cYI8Bw7PTrFVGki5gAAEgAASAABB4GgR0VZZLassfdNzUbuOmn7xQ1XnydFk+YcKeU6cKxOLW0NAMU9PdONDK6oiDQ3Rjo5jDaV679jR2SiRtDIYjvrtO8rW3tw8fvnXMmF3EgxDSvDu9lxpbJBIxmUyJRP6kt5aWFiaTiTd+f/7554GBgWfPns3Pz6dvBZdIJEwmk6xLV9ldIBBs3rxZLBbzeLwFCxbcv3//4bf8FEWZmpqWlj7+ioFUdffuXSaTWVBQQDxz5sxRPr/t6tWreJe+RCJxdXXFweHh4dbW1nV1dcuXLycPXVPZHSGkPBAZEQwgAASAABDQZQKdBKrWC2WzLxkZ+dFl+eDBHo2NYoRQTY2ALIOfOPFPPLRQSL32Wsf
<p blockindex=13>一发入魂，四千九百多个参数绕过成功，但看返回包很明显还有WAF。</p>
<h1 blockindex=14>第二个WAF</h1>
<p blockindex=15>逐个删除敏感关键词，看看这第二个WAF到底拦截了哪些词。</p>
<p blockindex=16>删除=，拦截；删除单引号，正常；删除and，正常。</p>
<p blockindex=17>看来是拦截了'+and，然后换用其它常见关键字测试，'+select拦截，'+union拦截，'+or拦截；而'+if，'+case都可以。试着使用注释/换行代替空格，无效。对于常见函数，substr、substring、sleep自然是全部拦截，但left和right并未拦截。</p>
<p blockindex=18>看来这个WAF主要拦截的是连接词和常用函数（这个之后再说，函数不是简单拦截两个就能让人无计可施的）。使用||代替or，成功（当然，这里也有不用连接词的注法）。</p>
<p blockindex=19><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABQgAAAJMCAIAAAA5bNzNAAAgAElEQVR4AezdDVhT58E38ON1OV8p1dc6ZsW2Ty30QwF1dpPNFa300fLSCp3rlq2uX0o7a1tt+6xRoiJgrIokPirQRqpShq1VhlArKkpVREUFhEIq8WNQayGE8mFywkdEcr9lt7s9hBCPnCQi/Xtxnd25z/35C9fq33NywhEJfyIi0mfNSk1PLyspqeY4OSGE4+Q2PykphcIZEhKOL1iQRWsslmu7dpV3dFgJIefP/0Ar/f1VWm0tIaSpqeUXv4gR9pVY5mI4iSOgOwQgAAEIQECiwBvzF8TF/+/OjN179uZ+dfj4sRNFJ0+XFp3RlnxdUVp+rkx7Xnv24je6yrPnqs6eq2p3+Keh4QptdvZcVUOj0WHbdonL/te//iVxBHSHAAQgAAEI9GUBSVlx6NCo0tIas9mSn181YMCi5OSTbKs8b+E4ucnURmtmz/6M5y25uRe8vZUVFQZaeejQRau1MxW3tFydP38XrVy+PGfWrNTGxhaVKu9Pf0pjA0osXGy8yMVwpbWljscJDg4OCwtz3AZnIQABCEAAAr0WQDDuNR06QgACEIAABFwnICkYr117ZNiw5aNGKbOytCEhm6dPT6YLzczUsuvGBQWXCCHz5mUMHqzw9V2Tmallm2FtOE4eFJRE602mtuee+2TwYMXUqR9dvnyFNbZbkMlkduttKhNOJXAxHP1R5iltzgpfarXaSZMmCWtQhgAEIAABCDhRAMHYiZgYCgIQgAAEIOAsAUnB2FmL6DvjqFSq4uLivrMerAQCEIAABPqZAIJxP3tDsR0IQAACEOgfAgjG/eN9xC4gAAEIQODOEOjDwbijQbt3i2pF1PJVm/ZfbOnKKfyM8f7958aNU/+f/6MYPXpVZOTerg1v56spUz68LdNnZ2e/8847TzzxxG2ZHZNCAAIQgIBTBBCMncKIQSAAAQhAAAKiBPpsML723f4NiVllNear7VVfbT+u77obFoy/+ab2vvtW5udXNTdf/fzz0ief/KhrQ3e8WrQo2+409fXNdutdXVlUVPTxxx+PHj3a1RNhfAhAAAIQcJ0AgrHrbDEyBCAAAQhAwFagrwbjq+Xb1+6u7Hwipt0/LBi/9NL2hITjrI1KlcfK7ilotbUjR66wmevatY6mppb9+8/Z1LvzJYKxO7UxFwQgAAGnCyAYO50UA0IAAhCAAAR6FOirwfi77NVb88r2ffRBtHLdtgL9VZsNsGD80EOrL11qsjlLv2Txuec+GTo0aubMrY2NnTdiP/74+nvvjS0v1/v5qYYMWRYbe7CnStr9+ef/MWTIst/9LvHcuTo6fnPz1bfeyrz33lgvr5ikpBOEkMWLs4VP7mTLWL48Z8iQZfSbI1llU1OLmCXR9i+//DLr6KDQ0tKyfPnyX//6148//vg//vEPYUubYGw0Gl9//fWAgICIiIgrV64/TDQzM/PJJ598+OGHf/Ob37z++uu0u9FonD9/vr+///PPP19ZWSkcE2UIQAACEHCbAIKx26gxEQQgAAEIQID01WCs27E0LuVIRWNba23+5pjNp/iu7xULxj/7WaTFcq3ryc5Xr72W/t57u43G1vff3zN37k5CyIkT33KcXK3O+/77K6dPf+fhsaSnSkLInDk7MzO1bW3tX311YcaM619y8dZbmeHhKTU1xh9+MI8ZE88mtQnAtL69vcOmXuSS2LBiCsuXL3/ttdcMBkNjY+N///d/C7vYBOPIyEilUsnz/AcffLBo0SLacsKECYWFhVevXj1z5szvf/97WimXy3NyciwWy/Hjx1988UXhmChDAAIQgIDbBMQGY52uzsdntU5X5+enctvi2ETiZ9fV63w2+OjqdX5Jfqy73YL4lna7oxICEIAABCDQC4G+Gowv7opJOWP594aulqQuz7jQdW8sGP/f/xtVW2uTmjub/vzn0Q0NnR/xbWho/vnPo2lvYVJlZVYghLDyz38ezS4FDxu2nHb/xS9ivv/ezhc3sl5d13hjNFovfkk24zh4+fjjj+v1Np+/vt7cJhhPnDixqanz0npTU9PEiRNpow0bNsydOzcpKamqqkqn09HKiRMnjv7Pn/HjxzuYHacgAAEIQMB1AmKDsUKxT6MpoEcxqzEYeOFHgKqrjdOmaTw8loSFpfA8/Q8vKS/XBwUleXgsCQhQ5+dX0WFDQjaz/zR6e1//zmHxsytyFZoiDT2yddY112Wfz56aMpXVEELsthQ2QBkCEIAABCDgdIG+Gox/OLT+fw8Z/r3d1qKtK3d/23XnLBgHBSWlp5exk1lZWloePjz6ypVWQsiVK629CMbDh1/P1WxkQsg99yxvarr+eOyWlht3d4sMxuKXJJzUcXnChAlGo5G2aW3t3C/7YxOMf/nLX5pMJkKIyWRiwZgQYjabd+/eHRERER9//Rr4L3/5Sxqh2VAoQAACEICA+wXEBmO1uvPpGvR401VardbQ0C3C/27JZNuionKMxla5fE909AE6gky2rbKywWy2REcfeOSROFo5b16GydRGCGlra//00zO0Uvzs6hPqznX++8jWuUO7Y0ziGC6my2bttmRdUIAABCAAAQi4QqCvBmNS+9X6VZ8W1bW21h7bsnq7tvO/xII/LBj/4x/FPj6rCwsvm82WjIzyNWsO01Yvvrh9yZJ9JlPbsmX7X3xx+78ToIXj5DTQtra2c5z8ypVWs9lOJSFEJts2f/6uxsYWvd70/vt76JizZqUuXPhFU1PL5ctXli7dz5Zz111Lzpz53my2rFjR+bll+qel5SrHyX/8S8V/KojIJbH2Ygrz5s2LiYkxGo16vV6lunEPXWtr6+jRo5ubbzwW+913342PjzebzSqV6t1336WD79ixw2g0Xrt2raioaNy4cbTyrbfeWrZs2ZUrV+rq6j744AMxy0AbCEAAAhBwukCXrOis0VWqvIAAtTAYDx8eTR/FUVvLs5uxp069/h0PZrPl7ruX0dkvXKinhR07SmlCdsqqrMRqE4ydMiwGgQAEIAABCNySQJ8NxsTyff62/10RFR33cfa569dEb+yMBWNCyLp1R++/f+XQoVHz5mVcvXr988Z1debQ0C1Dhix79tmtP/xgprdJc5w8JGQzIeTZZ7ey28G6VxJCDAZ+1qzUIUOW+furSktr6MTff3/l//2/zXffvWzChHVnz9LL2Z1nVqw4OGTIsv/6rw8OHjxPWy5dup+NzyK0yCXREUQ+fEuv17/yyiv+/v6hoaEXLly/3/zvf//7f26FHv33v/+dDtjQ0PDqq6/6+/vPnTu3sbGRVv7+978PCgp6+OGHf/vb327f3vnPB4SQ+vr6efPm+fv7P/3002fPnqWVOEIAAhCAgJsFJAXjtLRif3/VoEGRI0bEKpW5dOlFRZcnTFhnMPDCYOzpuZTeQd3Q0DxkyPUMzLZaWHh5zpzOB3UI/6xfny98abcsk8ns1tutRDC2y4JKCEAAAhBwp0DfDcYOFYTB2GFDnIQABCAAAQjckQKSgnF4eEpFhaG9vaOsTD9w4GJCCM9bZs7cqtd3fqhGGIwDAzfGxR1uamqJjNxrE4wtlmuLFmUbjV0+qFNYePmf/7zxESan0CIYO4URg0AAAhCAgBQBBGMpeugLAQhAAAIQcJGApGDc0WFNTy+bO3dnYOBGGoNjYw9WV1+/AUsYjI8dq/LxWe3trdy06SS7lZp+kDg1tai1td1me++/v8fuQy9tmt3SSwTjW+JCYwhAAAIQcIUAgrErVDEmBCAAAQhAQKKApGAcEZE+a1ZqenpZSUk1jcHsEz6skJJSKFxiQsLxBQuyaI3Fcm3XrvKODish5Pz5H4TNgoKSrNbOeif+QTB2IiaGggAEIACB3gkgGPfODb0gAAEIQAACLhWQFIyHDo0qLa0xmy35+VUDBixKTj7J1srznY+dZE/Pmj37M5635OZe8PZWVlRcf37GoUMXafptabk6f/4u1pcQwr7DUFgppXyx8SIXw5XWljoeJDg4OCwszHEbnIUABCAAAQj0Wg
<h1 blockindex=20>第三个WAF</h1>
<p blockindex=21>实际上，这个WAF（或者说拦截）我搞了半天才发现。</p>
<p blockindex=22>很显然这个系统过了很多个开发的手，不然我不觉得有点追求的开发会写这么多个过滤拦截在代码里（毕竟这一点都不优雅），被打这么多次就直接上ORM好吗？好的。</p>
<p blockindex=23><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFMAAAFQCAIAAABMM9VNAAAgAElEQVR4AXy8B3Rb17Hvjd5Y1GwViw0gqd5FUsWS1XuXXGLHTtydxImd3uMeO05c4hqXWLYkEsApANhFkZRIsYkVHQc4dZ+Cg8oiyUnuzb3vrfvWPqBkObnft9ZeWKREUfidmT175j+zoVI7WI2T1TlYg4PT2VmtY3rplG/1Ds7gBDo7a3ByOjuls9Na59eX8vMaO3PrUjsYtYPROMGtS4vwWoTP/YkKAbcujfJXWkRQFn/jCyH3T9Qor0Z5lROoHJzKwWocX/u/NHZaYyc1dRHNWUJzNqJ7b8jykzPF9/1u6b4nKjafLFt/0Lb+wOKaw5Wrdy1evn3R0q0VizaUV9RUVFSrtHZGZ2f1Dri0dQx8/belcTBaBwvZlC/+5QdyzGr4Dqbfk7qOhsvBqR1fg9c4gfKH3M0nokYUKuVBTBMiQI0ANXrr4lQIq0bgb1M7WJWdVt34v+C7crBqO62uI7TnotpzhP794byfni3+xnNL9j9RcefJknUHylbvXbT+4KI1excv27lo6V22RRtt5dUV5VUqAwKMCDA4OL2d1dUxesXs/0KoyT3pW7BzkLlHcBMYWkNZylvJkXP/wq+qY29iwwdxC/ktXqCgotwN/q+RTzvUzadsZ1R2SlUXVdeSqrNR/fvDhT+vLbrvd4v2PV6+5aRtw5GK9Qcr1x6oXL07R26t3Ggtr4Y2NzghtsHOGutYQx2E19xi81sJb5paY2dyVtXYoS/k3OHm32qdikNCh89hf2V5tYNT1TIa57TPf52cVyE3F1AhnPrfyJVHxqmdbA4+9x5UdbSqjlLVxdS1lOpcTPPe0Ixf2Yvvf862+xHblpPlG4+WrztQsXpf5cpdi5ZvL1+61Va52Va+saKiRmVwcsoCBujzX9vqX8Hc8ixynPB/VZ76TXL4jHK+52RVDkb1v5MDVR2jgbsdwkPvVWw+/arsZzXKa+ACty7o6tNRg9M4OeWXM2rFADfISVUtrTpHaj8aLfits/ThVxYdfsp216mymsO2dQfKV++tXLWrcsX2iqVbbYs3WytqbNDbnRx0eEwwIEDv5P5X2luDyq0/kLM5dAE7DZcS2BRsuBX/3ea5fa5xAi3CK5uWUzlBbntrMOHm0qICXDDgwaB4My5CmyNAg3DKL5+OKapaSrG5Ql5L6v7qy/sdUvzIK4uPfjdHXr7+QPmafeWrd1as2lG+fIttyUZrZbW1Yh30diMCLLhkRHmtg9U5uZs+fCvkTdvqnJwB5XUI0CmPCT74G/EGBhsnXP9fNr+5wyF5LlY7gUoxtQYTby4tJupQ8X8nd0JvV9lJlYNSvIy5YfMofAS1Md1pn+k5dOEjr1QcftK69VRZzdGKqsPla/dbV+0sX7XDumxL2aKaMki+Htpc7+BMCG9AACRHpsm/ils3NrPWyeoQYEB5A8rrUYXcyX1twzvhAam5uQ//bZ//K7mTg1EN5VUYr8ZFNS6ocV6DibeSK/viq7gAXX2anMxZCJLbKZU9plg+qjvtNb6A3/HYq7YDj9nuuse28Xhl1ZHK9QeXVB2oXL2rbOmW0srqsopqa0WVKmc6nZPLGdOgWP7frZ37k9yPaZ2csqZj21dR0MnC8HZj3fJLcj//1asOnlswYqtQToVxKgzA5eK1GNDirMrDqJoYVQOtcpEqhFQhtMrBaZQDUoUxKpRSOaIqJKZxwviqhjGFVtmjantMU0doPxsxvuReAMkfL7/rPmvN8Yr1hyvXH15Utb9y9e7yZXeVL95UvmiDDZIrfjvtw7fscwiJgOkFUb92zt/cETdd4ybn/0b+tX+rVX4zJEdZCI+wapTToECHCganYHJKBgSaXY8Co5PR1cV0dlJvpw0OxuRg8xy0Domp0JjGEdPeQq52KOT2sPazEctrLSXfe2vRkaesW+6xbVBsXnW4Yv2+ilW7FPLNtsocOXwfEDL31nPxWefk9Ai4uXL808nMjSNNW8foYBYEl/Igpk+4m4/ghmsopr71dMiR5+yMwRhudACzHeQ7gBlhzThZ4I7djhPlaHAZ4l+BeTe3EMew0ElX7IFm8XhrdqGHVrnDZnsUkk+HFVplJ5QjHZKbX29b+P0/Lz7+vfKt99k2nKysOr6o+mjlukPlK3fZlm6zLrrTWrnRVlGjgm9UcfWcJyuvrA5uaVaPsgaEMSJKAqsknmoH0NYB3TmgsrMaO62zQ4No7aTKSWnrYlo7YXDQZjtpccC3pcGAVknFNIigdQhaO6etY2Du4AAGO9AjvBHnZ7iZ293RRQi9wslUY8LOBvHUef+j7bEfdfHv9HCf9YMvBnncn7zoTXWHx7uiE28N/GNZQ1zloYwIoXMyGiejpHSUqo5Q1cbUdSH96THD6+1zvvum9cgTtq332DacWFR9rLL6aPm6g7YVO61L7ypbvLmsogZ6+00TTZNDD2d1CKNBKA1CaZGYDiE10DMFFSqqEF5XB/K/4HR1jM5BGuyEoS6iq4uo0HBpXXC5fWSDK7YbD+3w+GxuUo9xWozVoqwW5Q12MKM2OveMb0ldZFlddC3Kbm2Qj7Umnr4EnusOv95LvdMLagdT58NXe6l4HxO/wsjDIDXGZ7x8JgyyUSYb5DJ9rPzp6Pj61oTGxakaIjoEpq43jjSFvDZs+Myrf71zztPvlB170nrXKduGY5U1R23rj5Su3Vu6ckfZ8q1lSzaVVVSXV6z/ijz3CBR+RocwWoTWOCkNEtGhRD4WnI8RZfZIZa1vERpYisQK6qJGR8xsjxjOBQsR4s4m388vgQ/6xHODMjrIfTzEP9YmzHLROiwy1x5b64zta4g80Rb7dQfxanfkDz2R98eEc+F0YyjVE0uOUPERWh5i0iNcxiuMB8XxsJgN8ekglwqxqTCXIrkMCTIBIdPLSR8FJ1e3J40Yr8cJeAzlyGtjqnOE6mxMdTas/8yn/+Ol2c98UHrie7btp2ybjpVXHyldd6hkzb6yVbutK3ZYl9wJycvXw9ieC+9wh+cOMCetQ1gtwmqc9G1nwuvOcPe2jP2kK/zWJeYv7dTbl4VnulKlrqjJQebZyXxntLiJe6HX3xpN9HHxETrpjSU8kYnvd18rc3MmNFzlFn53IYH75U4q0U2Cy6zQC+QBITkiJv1iIiAmgiAZ4rJBbnJQGr8iZUY52c8kfIwUYKUIGydYOQqSESE1Ek908txrPrmyTTIhIM9B6Jyc2s6oaknVuZjqLKE6Q0Ly0wH9n7pmP/ux9Z5nK3bfV37ncVv14dK1h8rW7Leu3mdbudu2dEtZRU15eZVKj8JIloOfNjsMeJxWgV/hll68wHvGqK6oMEqlRslEJym8M5BY3UQV2rk8OzvbHt2AMp93E92E7GfkIC0HqHFPbOK7V6jVuDDDGdvZIn00nO5n0kPC+CDIjApXx8S/KevvQ9z1Qe56P3XVQ199j/3yefo/fx34589H/vH2INtBxAIMH2alKJBjXBJQVyOsXBeJ770k57lZA8KanTGNg1bDWoVU4KOqs5TqXER32qd74/KsZz+13vvDij3fsG05Yas5Urb2kG3twfJVeytW7IQJbMVGm61KBdMSJYwbMcGEi7n8DCYtSt5SiTBvXeK6w/wYlwqw6QCb6KPAJ/3xjY1UAQo0GGVGfFV4+MylaHdYDtKJMJMI05Mt4fGf94SWnidnOkI7msEHkWyblOmQp9rjV/vpqTb+6mdM4rmA/J3RLx8dmPhml7zjPFPaTNzeRC1q5neg3ncbAqMRPsLJBJuIgmSMS/JMqpkcf7g7Udokm1yczknrnKTaTkJsuCgID/N2Qv+5T/dm76wfni6798fWPfdbtxyfJl9zoGLlnorlO8qXbLFVboR5O8zYlbTMiAlm5Wtl/yiluBMs9/Bvd02TB7lMiE2ORfi6XnlPE1eEMYVocC42uM3tPXOJ6I7IAVoOsokoPdnjHX+jPXSsfmB/A3OiXX58JP2dQPqhAe4bl8ld7V9WX7o+ry1hahDy3VK+K1HgSua546omoG2KlaCjP2
<p blockindex=24>言归正传，一开始我认为所有WAF都被绕过了，但碍于这个关键字拦截不好直接上sqlmap跑，于是只能手动注入之。要手注最开始肯定要判断下数据库类型。</p>
<p blockindex=25>使用USER无报错，USER()报错，排除MYSQL。</p>
<p blockindex=26>使用db_name()报错，排除MSSQL。</p>
<p blockindex=27>使用exp(291)报错，exp(290)不报错，确定当前数据库为Oracle。</p>
<p blockindex=28>确定数据库之后选用payload，由于是只能使用or的盲注，我选择使用1/0也就是除零报错进行盲注。</p>
<p blockindex=29>构造payload为' || 1/(case when 1=1 then 1 else 1 end) || '，使用永真看一下语句是否报错，结果却报错了。</p>
<p blockindex=30>换用if(1=1,1,1)继续尝试，结果还是报错。</p>
<p blockindex=31>理论上用在大多数数据库上都生效的基础语句为什么会报错呢？这实在让人百思不得其解。</p>
<p blockindex=32>由于想了半天（真是打死我也不敢想开发会弄三个WAF来恶心我）想不出个所以然，所以我决定先放开这头，去测试字符串函数。毕竟手注中最能令人信服的证据莫过于注出当前用户名了。</p>
<p blockindex=33>substr、substring就别想了，会被第二个WAF拦截。使用left('a',1)代替字符串，居然还是报错？</p>
<p blockindex=34><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABPYAAAJGCAIAAABX/JxBAAAgAElEQVR4AezdD1hT970/8OPzOB8Z1cd6uVZse2tD/yig3m6TzTu00kfLjwp0rrvZ6vpPWWftqtvuFiUqAsapQOJVQRuoSrnYP8oQWkVFqYqooEChkElUJnU2hFD+mBz+RSTfX9nXfT2EEAI5aAhvH57sm+/5fP+c1/G5t2/PSeDIkP1RKvP9/VUcJ2MrTJwY3dTURgipq+N9fZW0f96892mjpcX80EPrafvatQbaOHCg3GTqoG3nXy3EwsVwzs+DGSAAAQhAAALOCLyzYmVcwv8ezPz8yNG8L06fP3ehpOhSecmXmrKvqsorr1RormouV/9Ne/3ylZrLV2o67f5pbLxFyy5fqWlsMtqt7ex/z+ZvCvb/78ao6LgPcq4Yrcv//ve/s65t284+9tim8eOjli/PvH37Du2vr28JCdk7btz6RYv2ffttCyGE42QcJwsO3kMIWbRoH31rs5MQYjDwixenjRu33s9PWV5eS+f85ptb/+//7XnoofWzZm27fNnANrBx48lx49b/x3/85eTJq7Rz3brjbP51644PaEu0+I033mDz22no9fo333zTz88vJCTk2rVrtPJPf/rT1H/9+dOf/kQ7Gxsb33rrLT8/v2XLljU1NdHOn/3sZ4GBgU899dRPfvKTTz75hHY2NDQsX77cz8/vxRdfvHz5Mu3EKwQgAAEIDEJAhLyXnl7q56ccMyZy0qRYhSKPbqKk5OasWdsMBl4YcT091/G8mRDS2Ng6btzdNMs2XVx8c+nSg+wtbWzfXmDV0/utVCrt3dlXDyJuXzLohwAEIACB+ybguhHXLoEw4totxEEIQAACEIDAAxMQIeKGh6dWVRk6O7sqKvSjR68hhPC8OTR0n15vov98y04uIGBnXNzp5ua2yMijVhHXbL6zenWO0djOir/7597i4pt//WuFsMf5NiKu84aYAQIQgAAEnBRAxHUSEMMhAAEIQAACfQmIEHG7uiwZGRXLlh0MCNhJ79nGxp7U6e4+3iS8i3vuXI1EssXbW5GcXMQeVCaEdHR0pqWVtLdbP0D15z8fqavj+9r64PoRcQfnhlEQgAAEICCiACKuiJiYCgIQgAAEICAUECHiRkRkLF6clpFRUVamo4GWfRKGNVJTi4WrJiaeX7kym/aYzXcOHars6rIQQq5e/VZYFhi4y2Lp7hfxDyKuiJiYCgIQgAAEBieAiDs4N4yCAAQgAAEI9CsgQsQdPz6qvLy2pcVcUFAzatTqlJQitirPmzlOxr4vasmSj3nenJd3zdtbUVV19xsjTp2qpjm2re32ihWH2FhCyIQJG4RvnW9XN1VzMVx5Xbn9qYKCgsLCwuzX4CgEIAABCEBg0AKIuIOmw0AIQAACEICAfQERIm58/JkJEzZMmaLIztYEB+9ZsCCFLpmVpWF3cQsLbxBCli/PHDtW7uOzNStLw7bFajhOFhi4i/UTQp59Nl74tq+2g183lXgxkYvh6I8iX9HXbIQQjUYze/ZsOwU4BAEIQAACEHBGABHXGT2MhQAEIAABCNgRECHi2pl9mB5SKpWlpaXDdPPYNgQgAAEIuL4AIq7rXyPsEAIQgAAEhqkAIu4wvXDYNgQgAAEIDGMBV4245pIPI+/92XzkHz2N8UuDenrgHQQgAAEIuKIAIq4rXhXsCQIQgAAE3FvAVSNubf5nFwzmf37R452a0q8ara4CIq4VCN5CAAIQgIALCiDiuuBFwZYgAAEIQMDNBVw14t5qbOyi9C2aEq3Z+iog4lqL4D0EIAABCLieACKu610T7AgCEIAABNxdwFUjLnNvvFR49Q57968GIu6/JPC/EIAABCDgugKIuK57bbAzCEAAAhBwVwFXj7i6Uyf/1jvhEkRcd/0LifOCAAQg4E4CA4u4Wm29RLJFq6339VXefwXHV9c2aCU7JNoGre8uX/v7dLzS/jw4CgEIQAACEHBcwMUj7s3jGRd5G2eDiGsDBV0QgAAEIOBiAgOLuHL5MbW6kL46ciIGAz958kZWqdMZ589Xe3isDQtL5fm7H/GprNQHBu7y8Fjr768qKKihxcXFN3/0ox3f//7aH/5wR2npN7TT8dXleXJ1iZq+stXrW+tzrubMS53HegghNiuFBWhDAAIQgAAERBdw7YhrPJdyoMrWOSPi2lJBHwQgAAEIuJbAwCKuSpVPCKGv/Z6HxWIJCdnLcTJWKZXuj4rKNRrbZbIj0dEnaL9Uuv/69caWFnN09Imnn46jnc8+G69WF7a23t6x49y0aQm00/HVVRdU3fv85ytb/YDmwLSkaVxMj1O2WcmGoAEBCEAAAhAYCgHXjrjVh2I/uWzrtBFxbamgDwIQgAAEXEugR94Td2tKZb6/v0oYcSdOjG5qaiOE1NXx7FHnefPep+u2tJgfemg9bU+cGN3Q0EoIaWu7/W//Fi3WxizEYhVxxZoZ80AAAhCAAAQcF3DtiFtzeFv2322dDCKuLRX0QQACEICAawmIEHHT00v9/JRjxkROmhSrUOTR8yspuTlr1jaDgRdGXE/PdfT55MbG1nHj7qZZ5lFcfHPp0oP0rVpdGBy85+uvm9LSSj744CKrsdmQSqU2+212IuLaZEEnBCAAAQjcTwHXjrh9SiDi9kmDAxCAAAQg4DICIkTc8PDUqipDZ2dXRYV+9Og1hBCeN4eG7tPrTYQQYcQNCNgZF3e6ubktMvKoVcQ1m++sXp1jNLZTmdbW22+88enPf54WFKRubb0tIhciroiYmAoCEIAABAYngIg7ODeMggAEIAABCPQrIELE7eqyZGRULFt2MCBgJw20sbEndTojXVsYcc+dq5FItnh7K5KTi9iDyoSQjo7OtLSS9vZOtt033vj0woWvCSGbN596881PWb/zDURc5w0xAwQgAAEIOCmAiOskIIZDAAIQgAAE+hIQIeJGRGQsXpyWkVFRVqajgZbjZFY/qanFwh0kJp5fuTKb9pjNdw4dquzqshBCrl79lnY+9ND6trbum7c8b/b0XCcc62QbEddJQAyHAAQgAAHnBRBxnTfEDBCAAAQgAAGbAiJE3PHjo8rLa1tazAUFNaNGrU5JKWIr8byZ42QmUwftWbLkY5435+Vd8/ZWVFUZaOepU9UWS3e+bWu7vWLFIdr53HPbt2493dp6e9euC889t51N6GSjuqmai+HK68rtzxMUFBQWFma/BkchAAEIQAACgxZAxB00HQZCAAIQgAAE7AuIEHHj489MmLBhyhRFdrYmOHjPggUpdMmsLA27l1tYeIMQsnx55tixch+frVlZGrYtVsNxssDAXbS/qsoQGLjr+99fGxCws6JCz4ptNhz8uqnEi4lcDEd/FPkKm1PRTo1GM3v2bDsFOAQBCEAAAhBwRgAR1xk9jIWAGwhIpdKGhgZCSGfnvU/qsfOqr6//4IMP2Ns1a9Z89dVX7K2wYTabFy1aVFdXJ+wUtj/77LNPPvlE2ONM++TJkxUVFXSGFStW9DtVVVVVUlKSnbKTJ09u3LhRWGCxWAoLC7u6uoSdhJC1a9cWFd27kWZ1FG8hIBQQIeIKp3OPtlKpLC0tdY9zwVlAAAIQgIALCrhTxI2Li3vyyScp8rVr1374wx9eu3btpz/9qYuwj+QtueC52/xb4X777OuM9uzZw/LhK6+8QjXefffdzMzM3jJ//vOfDx3qfrxRp9O99957d+7cIYTQJx9pZ+4//0RHR//yl7+k7dzc3GPHjoWFhV2+fO83W8vl8pqamvb29qNHj+b0/PPWW2/duNF9F8pgMLAZhI3s7OxFixbRGrrDt9566+bNm7S9bNkyQkhlZWVmZubhw4f37NnT+yy+2+rbb79tNpttHiKErFq16siRI/X19ZcuXUpNTY2KilqxYsXKlSutIj3P835+fpmZmfQMYmNjjx49KpzTpvmTTz4ZFxcnLEN7hAgg4o6QC43ThAAEIAABFxJw2Yhr1l08sGtrzIboLbs+vVhr/RsNbP7SoMcff7y8/O4ngDZt2vThhx/S1y
<p blockindex=35><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABSUAAAJDCAIAAABymeZ4AAAgAElEQVR4AeydCVhV1frw6Xn6evJv9XT7dl1BiIMgCWJmCWogDilcHLCsPwRhhHgzSrH0IoIaIioSYOgBRMNwTMVARHFIc8AJEIWAD3BOu8zTGYEtw/qwRavl3vscNufgAL48Pqd3v/ud1m/tvTvv2ZMB6rm/qKgzNjbRBgYBJOQrr4TU1zcihCorldbWUVjv6LgRCyoV+8ILy7B8/XotFvbuzVcomrGs/2c7ajdYYaB/HIgABIAAEAACQEAfAl/4zY+I/D45Jf3Q4RO/njp/7kJuVk5+7pWivN9K8guvFhRdKyq+8f9KbxVfvV189XaL1r+6Ohk2K756u65ertW2peua2f+e3fn9yuUhET9kXJVzzW/evElU69ZlGhuveuml5XPnpty714r11dUqF5ctL764bOrUH2tqVAghA4MAA4MAZ+dEhNDUqT/iRUElQqiqSvnBB9tefHHZ0KFR+fnlOOZ//yv7178SX3hh2fDh64qLq0gBK1cef/HFZa+/vvr48WtYuXTpURJ/6dKj3SoJG3/66ackvhahoqLC29t76NChLi4u169fx5aLFi2S/PW3aNEirKyrq/vss8+GDh06e/bs+vp6rHz//fcdHBwsLCxGjx69e/durKytrZ07d+7QoUOdnJyKi4uxEj6BABAAAkCgjxHQpRfdsePy0KFRzz235LXXQsPCTmAiubl/DB++rqpKSffb/fsvVSpZhFBdnfrFFztba0Lw0qU/fHySySIWYmLOcjT8RTc3N75Skwb6bU1kQA8EgAAQAAKPjMCT229rRUD321oNYSUQAAJAAAgAASAgQECXftvVNamkpKqlpa2goOLZZwMRQkolO23ajxUVCvzDNsljZ7chIuJUQ0PjkiWHOf02y7YuXpwhlzcR444fwi9d+uPnnwtojf4y9Nv6M4QIQAAIAAEgoCcB6Lf1BAjuQAAIAAEgAAR6IwFd+u22tvZ9+wpmz062s9uAz2aHhh4vK+u8Co0+v33u3O1Bg8INDcM2bcoi15MjhJqbW7Zty21q4l7n9p//HKqsVPYsR+i3e5YnRAMCQAAIAAEdCEC/rQM0cAECQAAIAAEg0NsJ6NJv+/ru++CDbfv2FeTlleHumtw9RYSkpEs0Gqn0/Pz5aVjDsq2pqYVtbe0IoWvXamgzB4e49vb7+h78g367B2FCKCAABIAAENCNAPTbunEDLyAABIAAEAACvZqALv32Sy8tz88vV6nYs2dvP/PM4s2bswgCpZI1MAggDzzz9PxJqWRPnLhuaBhWUtL5yJOTJ2/gprqx8Z6fXyrxRQi9/PK39KL+8o36GwYrDPIr87WHmjBhwvTp07XbwFogAASAABAAAjoTgH5bZ3TgCASAABAAAkCg9xLQpd/+7rvTL7/8rZFRWFpakbNz4qRJm/H49+8vIue3L168gxCaOzfl+eeDzM3X7t9fRBgRGwODAAeHOKJHCL3xxnf0oiZZ5PPSpNlSgxUG+F/YmTBN0RBCRUVFtra2WgxgFRAAAkAACAABfQhAv60PPfAFAkAACAABINBLCejSb/fSoWopOyoq6vLly1oMYBUQAAJAAAgAAX0IQL+tDz3wBQJAAAgAASDQSwlAv91LJw7KBgJAAAgAgd5E4Entt9ncrUv+/ltz6O6DUOF9YA/ygCUgAASAABAAAt0jAP1293iBNRAAAkAACAABHQg8qf12+ZkDF6rYP59U2nr78m91nKFBv80BAotAAAgAASAABLpFAPrtbuECYyAABIAAEAACuhB4UvttWV1dGx6Pqii3lOUODfptLhFYBgJAAAgAASDQHQLQb3eHFtgCASAABIAAENCJwJPab5PB1OVcvNZKlv4SoN/+iwT8FwgAASAABICALgSg39aFGvgAASAABIAAEOgWgSe93y47efz/8dttBP12t2YZjIEAEAACQAAIcAh00W+XllYPGhReWlptbR3F8XwEi+Kzl9aWDlo/qLS21DrOWnth4i21x4G1QAAIAAEgAATEE3jC++0/ju7LVgqMBvptASigAgJAAAgAASAgmkAX/XZQ0JGEhIv4U0zMqirlgAEriWVZmXz8+IR+/YKnT09SKjtvCyssrHBwiOvXL9jGJvrs2dvY+NKlP0aOXP8//xP8zjvrL1/+L1aKzx50IighNwF/kuzV6uqMaxmOSY5EgxAStKQNQAYCQAAIAAEg0OMEnux+W35u894SoTFDvy1EBXRAAAgAASAABMQS6KLfjo4+gxDCn12GbG9vd3HZYmAQQCzd3HYuX35MLm8KCDgUEvIL1ru57bx1q06lYkNCfhk8OAIr33jju4SEi2r1vfXrzw0ZEomV4rNHX4i+X+efnyT73qK9Q2KHGKx4YIyClsQFBCAABIAAEAACD4PAk91v30gN3V0sNGzot4WogA4IAAEgAASAgFgCD/SiYp002EVFnbGxiab77VdeCamvb0QIVVYqyRXpjo4bcQCVin3hhWVYfuWVkNpaNUKosfHe//2/IRoydFvdjto5/Xa3Q4ADEAACQAAIAAG9CTzZ/fbtg+vSbgqNEfptISqgAwJAAAgAASAgloAu/faOHZeHDo167rklr70WGhZ2AqfKzf1j+PB1VVVKut/u338pvoy8rk794oudrTUp7dKlP3x8kvFiQsJFZ+fE33+v37Yt94cfsomNoODm5iaoF1RCvy2IBZRAAAgAASDwKAk82f22RhLQb2tEAyuAABAAAkAACIggoEu/7eqaVFJS1dLSVlBQ8eyzgQghpZKdNu3HigoFQojut+3sNkREnGpoaFyy5DCn32bZ1sWLM+TyJlykWn3v00/3zJy5bcKEBLX6nojKxZpAvy2WFNgBASAABIDAQyMA/fZDQwuBgQAQAAJAAAg8uQR06bfb2tr37SuYPTvZzm4D7q5DQ4+XlcnxKOl++9y524MGhRsahm3alEWuJ0cINTe3bNuW29TUQsB8+umeCxd+RwitWXPS23sP0esvQL+tP0OIAASAABAAAnoSgH5bT4DgDgSAABAAAkCgNxLQpd/29d33wQfb9u0ryMsrw921gUEA519S0iUah1R6fv78NKxh2dbU1MK2tnaE0LVrNVj5wgvLGhvvn9ZWKtn+/ZfSvnrK0G/rCRDcgQAQAAJAQH8C0G/rzxAiAAEgAASAABDodQR06bdfeml5fn65SsWePXv7mWcWb96cRYatVLIGBgEKRTPWeHr+pFSyJ05cNzQMKympwsqTJ2+0t99vthsb7/n5pWLliBExa9eeUqvvxcVdGDEihgTUU7hRf8NghUF+Zb72OBMmTJg+fbp2G1gLBIAAEAACQEBnAtBv64wOHIEAEAACQAAI9F4CuvTb3313+uWXvzUyCktLK3J2Tpw0aTMe//79ReQs98WLdxBCc+emPP98kLn52v37iwgjYmNgEODgEIf1JSVVDg5x//M/wXZ2GwoKKoixoCDyeWnSbKnBCgP8L+xMmGAorCwqKrK1tdViAKuAABAAAkAACOhDAPptfeiBLxAAAo+FQGJi4v79+3Hq8PDw7OzssrIyTZXk5uYuWbIEn1TTZPPE6j/++OPa2lpN5X322WcKxf3HVCGE/v3vf1dXV9fUdF6ii5XZ2dnHqL9FixalpXVe2Hvv3j0fH59eigWPDj71JKBLv61nyifQPSoq6vLly09gYVASEAACQAAI9A0C0G/3jXmEUWghcP369Xfeeef69ev29vZazDSt0tNdU1jQ60NAKpWePn0aR1i0aNHdu3dLSkpmzJhRXl7OD3vixIlVq1bx9b1C4+zsrKVO+lTflClTEELJyclz584lLvX19U1NTXl5ef/7v/97717ng5+zs7Pv3r2LEPrss8+IpRYhOzt7xowZWgxgVS8lAP12L504KBsIAAEgAAR6E4Entt9my7L3xq1d8W1IeNye7HLu+0EE3wcml8vXr19P6E+aNInIHGH16tVOTk4c5ROyuHDhwvHjx+tTzIEDB+bOnTtixAg6yPr16+XyzifI0no
<p blockindex=36>**一次报错是我写的不对，次次报错就真的有点问题了。**这下我开始怀疑存在第三个无回显的WAF。</p>
<p blockindex=37>使用'|| 1=1 ||'，居然也报错？</p>
<p blockindex=38><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABR8AAAJTCAIAAAAOnvYSAAAgAElEQVR4AeydCVhVVdf46Xl6+/I1+/f2nkoQ4jJIghhpipmIQyovjqV9mIYRYhllWBoiOACiIgGGAoqG4ZiKgYjikPMMgkLABzjiEPN058th2n9p826355x7udwLBrh4fG7rrLP2Wmv/9jmnu+7ZZx8DpNPfzp3X+vcPe+GFJa+/HhgUdBL7yMh4aGe3rqxMZmDgTbz27LlUJmMRQlVVil69lhE9FtLTH7q7x2PZyChoz57MN94IfOutHzMziziWnE0XFxeORsOmQYCBhr2wCwgAASAABIDAUyDwlee3IaE/xSckHz5y8tSZSxcvZ6Rezcq4npv5R35Wzo3s3Ju5ebf/r+Bu3o3CvBuF9Rr/qqrE2CzvRmFVtUSjbb2eXbtz546eHrpc83//2/+337KVyjqVqv7QoTyGCehyXYCEgQAQAAJA4G8hoGPZOWVKXH5+WX19Y3Z2yfPP+yCEZDJ20qRfSkqkCCG6ura33xAScqamRrlkyRFOdc2yDYsXp0gkKtzzf/xjSVDQSYlE9eOPZ0eNimlHHFBdtyNMcAUEgAAQAAK6EYDqWjduT79VYmLOO+/89OKLvr16LbO333Ds2I2nnwNEBAJAAAgAga5IQMfqurGxaf/+7Dlz4u3tN+BaOjDwRFGRBCOgq+uLFwvNzYMNDYM2b061sQkjjGpr67dvz1CpHv+m/vLLy6XSWoSQQlHXs+dSYqm/ANW1/gzBAxAAAkAACOhJAKprPQFCcyAABIAAEAACnZyAjtW1h8f+jz7avn9/dmZmEa6lDQy8Of/i4tLpzkdGXvr22ySsYdmGxMScxsYmhNDNmxVY2b9/WG5uKUKopkb52mvtOQsLqmt6IEAGAkAACACBv4UAVNd/C3YICgSAABAAAkDgqRHQsbp++eXlWVnFcjl74ULhc88t3rIllWQsk7EGBt74LvSj4nnWrF9lMvbkyVuGhkH5+WXY7PTp201NzaW1Ulnn6ZmIlStWHP/oo+3V1cqwsHP/+787iUM9hdvVtw0CDLJKszT7GT169OTJkzXbwF4gAASAABAAAjoTgOpaZ3TQEAgAASAABIBAlyCgY3X9449nX3llhZFRUFJSrpNT7NixW3BvDxzIJXewr1y5jxCaNy/hxRd9LSzWHjiQS4gQGwMDbweHaKyXSmunTt324ou+jo6bHj4UE2NBQctVzSLTIg0CDPC/oHNBgq6wMjc3d8iQIRoMYBcQAAJAAAgAAX0IQHWtDz1oCwSAABAAAkCg8xPQsbru/B1ra4ZhYWHXrl1rayuwBwJAAAgAASCgJQGorrUEBWZAAAgAASAABLooAaiuu+jAQdpAAAgAASDQxQh04uq6sSr3yNawlctXrNl87LbySa70G7mOHbsxYED4//yPr0i0ZsmSI08a/p1bI0Zs/FvCp6SkLFiwYPjw4X9LdAgKBIAAEAACnY0AVNedbUQgHyAABIAAEOieBDptdd3w4Nj6qKTsYnldfeGpPZdKnsRPquv/+7/SPn1WXbhQqFDU7d2bNXLkpicNn8bW4sUpgmEqKxWC+o5WZmRk/PzzzyKRqKMDgX8gAASAABDoEgSguu4SwwRJAgEgAASAQJcn0Fmr67qcPT8m321ealTwj1TXs2fviYy8RGzCws4R+ekIubmlvXuv5MRqaGisqVH+va+khuqaMyiwCQSAABB4ZglAdf3MDj10HAgAASAABJ4qgc5aXT9ICf7lXPbRTav9g9btulJSx4FCqmszs+D792s4e/F7NKdO3fbyy8snTfqlurp5XvmgQRFvvBGYk1NiYxPWq9eywMAT6pS4+fTpO3r1Wvb++1E3bpRj/wpF3TffHHjjjUCGCYiOvowQ8vFJoZdEJWmsWHG8V69l+OWgRFlTo9QmJWz/2WefkYYaBKVSuWLFisGDBw8aNGjHjh20Jae6lkgkX3zxha2trYeHh1jcskrrgQMHRo4caWlpOXTo0C+++AI3l0gknp6e/fv3nz59+t27d2mfIAMBIAAEgEBXJADVdVccNcgZCAABIAAEuh6BzlpdF+xbGhJ3Nr+6VlV6ITYgNk32JFpSXf/jH0tYtuHJnc1bc+fu//77ZIlE9cMPh+fMiUcIXb58z8DAOzz83J9/iq9efdCjh586JULI3T3+wIHc2tr6U6dujRvX8gqSb745MGVKXHGxpKJC3q9fKAnKqaKxvr6+kaPXMiXiVhthxYoVc+fOLSsrq66u/uCDD+gmnOp6yZIlQUFBMpls9erVixcvxpZ2dnbp6el1dXXXr1//8MMPsdLb2/v48eMsy166dMnV1ZX2CTIQAAJAAAh0RQKtV9cFBeXm5sEFBeU2NmFPv4faRy+oLDBfb15QWWATbaM5T+0tNfuBvUAACAABIAAEtCfQWavr24kBcdfZv/pRl7l9RcKtJ7tEquv/9/+Wl5ZySu9m03//27+qqvmx56oqxb//7Y9b0+UukYmAECLyv//tT25Kv/LKCtz8tdcC/vxT4N2cpNWTOT72hvXap8Txo2Fz0KBBJSWcZ9JbzDnV9cCBA2tqmm/y19TUDBw4EButX79+zpw50dHRhYWFBQUFWDlw4EDRf//efvttDdFhFxAAAkAACHQJAq1X176+R2NiruBPbbpUViajH4sqKpKMGhXTo4ff5MlxMhn+vzfKySlxcIju0cPP1jb8woVC7NbJKZb8/9XQsOXd1NpH9z3pG5MRgz9JnuWK8pSbKY5xjkSDEBK0pA1ABgJAAAgAASDQ7gQ6a3VdcTrip9Nlf3VXlfHLquR7T/acVNcODtH792eTnUlJuVh+9VV/sViFEBKLVTpU16++2lKcE88IoX/9a0VNTcvi5Url48nqWlbX2qdEB9Us29nZSSQSbKNSNfeX/HGq63feeUcqlSKEpFIpqa4RQnK5PDk52cPDIzS05W78O++8g+tw4goEIAAEgAAQ6NIEWq+uw8Obly3Bn612tampydl5K/0/PxeXXcuXH5dIVN7eh/39f8ceXFx23b1bJZez/v6/9+0bgpXz5iVIpbUIodra+t27r2Ol9tHDL4c35/nXJ8lzX+6+flH9DAKe6KagJWkCAhAAAkAACACBjiDQWatrVHoqYs3ujHKVqvTi1uA9uc3/J6b+SHW9Y8c1c/Pg9PSHcjmbkJCzdu0ZbOXqusfP76hUWrts2TFX1z1/lZGsgYE3ropVqnoDA2+xWCWXCygRQi4uuzw9E6urlSUl0h9+OIx9fvTRdi+vgzU1yocPxUuXHiPp/POfftev/ymXsytXNj/Ljf+UyjoDA+9HXyr+q0BapkTstRHmzZsXEBAgkUhKSkrCwh7P5lOpVCKRSKF4vGj5d999FxoaKpfLw8LCvvvuO+x83759EomkoaEhIyNjwIABWPnNN98sW7ZMLBaXl5evXr1amzTABggAASAABDozgSfKTv0TDQs7Z2sbTlfXr77qj9c4KS2Vkbnljo4tr/GQy9mXXlqG4966VYmFffuycJmtfz4IoSbUxKmu28UtOAECQAAIAAEg0CYCnba6RuyfF3b9tHK5f8jPKTda7s4+7hmprhFC69adNzZe9fLLy+fNS6ira3kGu7xc7uy8tVevZRMn/lJRIcezvg0MvJ2cYhFCEyf+Qiam8ZUIobIy2Ucfbe/Va1n//mFZWcU48J9/iv/zn9iXXlpmZ7cuLw/fWG/es3LliV69lr355uoTJ25iy6VLjxH/pA7XMiXsQctVzUpKStzc3Pr37+/s7HzrVsv0+UWLFv13Zrdo0aJF2GFVVdXnn3/ev3//OXPmVFdXY+WHH37o4OBgaWn53nvv7dnT/BsEQqiysnLevHn9+/cfP358Xl4eVsInEAACQAAIdF0COlbXO3de698/7IUXlrz+emBQ0Enc/4yMh3Z268rKZHR13bPnUjwhvKpK0atXSyFNeKWnP3R3b14Bhf6LiLhAbwrKLi4ugnpBJVTXglhACQSAABAAAk+TQOetrjVSoKtrjYawEwgAASAABIDAs05Ax+p
<p blockindex=39>那么非常有可能是拦截了=等于号。换用不等于&lt;&gt;进行测试，未报错：</p>
<p blockindex=40><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABLUAAAJaCAIAAABWZeICAAAgAElEQVR4AezdC1RTV6I38LiW4yel+lmHsWLbWwt9KKCOnZEZb9FKr5aPVug4nZuZOn0p7Vjbajt3JkpQBIxVkcSrAjZSlTLYWmUUakVFqYqoqIBQSCW+oNaGEMrD5IRHRLK/MtvZHkKIx+QQAf8uVu7OPvv5O9yOf8/JiYR08+fy5cvdHEE1BCAAAQhAAAI9K/DO/AXxCf+7c9eevftyvz5y4vjJolNnSovOakq+qSgtP1+muaA5d+lbbeW581Xnzle1OfxTX3+NNjt3vqq+weiwbZuAXbXXa/ZtUS6PXrZy04FLzZ078P/ycODA+XHjVP/n/8hHj14ZGbmvc8O7+W7KlI13Zfrs7OwPPvjgmWeeuSuzY1IIQAACAgUk3bXj/ye+uzaohwAEIAABCECgJwR6bT688f2B9UlZZdXm621VX28/oe+8efaXh2+/rXnooRX5+VVNTde/+KL02Wc/7tzQHe8WLcq2O01dXZPd+p6uLCoq+uSTT0aPHt3TE2F8CEAAAq4IIB+6ooe+EIAABCAAgR4R6K358Hr59jV7Kq3d7Znlw9de256YeII1UyrzWNk9BY2mZuTI5TZz3bjR3tjYfODAeZt6d75FPnSnNuaCAAScEEA+dAINXSAAAQhAAAI9K9Bb8+H32au25pXt//ijGMXabQX66zYKLB8+9tiqK1cabY4SQhobm1966dOhQ6Nnztza0NBxd+rTT6978MG48nK9n59yyJClcXGHuquk3V9++R9Dhiz9z/9MOn++lo7f1HT9vfcyH3wwzssrNjn5JCFk8eJsiUTGftgyli3LGTJkqUQiYzXCl0S7vP766/y+3ZWbm5uXLVv261//+umnn/7HP/7Bb2aTD41G49tvvx0QEBAREXHt2jXaMjMz89lnn3388cd/85vfvP3227TSaDTOnz/f39//5Zdfrqys5I+JMgQgAAERBZAPRcTEUBCAAAQgAAFxBHprPtTuWBKferSiobWlJn9z7ObTXOftsnz4s59FWiw3Oh/sePfWWxl//eseo7Hl73/fO3fuTkLIyZPfSSQylSrvhx+unTnzvYdHVHeVhJA5c3ZmZmpaW9u+/vrijBkpdPz33ssMD0+trjb++KN5zJgENqlNDqT1bW3tNvUCl8SGFVJYtmzZW2+9ZTAYGhoa/uu//ovfxSYfRkZGKhQKjuM++uijRYsW0ZYTJkwoLCy8fv362bNnf/e739FKmUyWk5NjsVhOnDjx6quv8sdEGQIQgICIAiLnQ6221sdnlVZb6+enFHGVAocSPru2Tuuz3kdbp/VL9nM8uPCWjsfBUQhAAAIQgIBwgd6aDy/tjk09a/nXPq6XpC3bdbHzllg+/L//N7qmxiY8djT9+c9j6us7Pv5XX9/085/H0N78wMbKrEAIYeWf/zyGXRUcNmwZ7f6LX8T+8MPNK2/85bBe/Er+aLRe+JJsxnHw9umnn9brbT6bebO5TT6cOHFiY2PHhdbGxsaJEyfSRuvXr587d25ycnJVVZVWq6WVEydOHP3vP+PHj3cwOw5BAAIQcEVA5Hwol+9Xqwvoq5BlGQwc/+MBOp1x2jS1h0dUWFgqx9H//SHl5fqgoGQPj6iAAFV+fhUdNiRkM/tfCG9vBa0UPrs8V64uUtNXts7aptrsC9lTU6eyGkKI3Zb8BihDAAIQgAAERBforfnwx8Pr/vew4V/bbSnaumLPd513zvJhUFByRkYZO5iVpaHl4cNjrl1rIYRcu9biRD4cPvxmvGQjE0IeeGBZY+PNB6k2N9+65VVgPhS+JP6kjssTJkwwGo20TUtLx37ZH5t8+Mtf/tJkMhFCTCYTy4eEELPZvGfPnoiIiISEm1dEf/nLX9IkyYZCAQIQgEBPCIicD1Wqjg+g09fbLtdqtYaGbuH/51sq3RYdnWM0tshke2NiDtIRpNJtlZX1ZrMlJubgE0/E08p583aZTK2EkNbWts8+O0srhc+uOqnqWOe/Xtk6d2h2jEkaI4ntZGK3JeuCAgQgAAEIQKAnBHprPiQ1X69b+VlRbUtLzfEtq7ZrOv6XmPeH5cN//KPYx2dVYeFVs9mya1f56tVHaKtXX90eFbXfZGpduvTAq69u/1cQskgkMprrWlraJBLZtWstZrOdSkKIVLpt/vzdDQ3Ner3p73/fS8ecNStt4cIvGxubr169tmTJAbac++6LOnv2B7PZsnx5x2ca6Z/m5usSieynv1T8u4IIXBJrL6Qwb9682NhYo9Go1+uVylt3VLW0tIwePbqp6dYDVD/88MOEhASz2axUKj/88EM6+I4dO4xG440bN4qKisaNG0cr33vvvaVLl167dq22tvajjz4Ssgy0gQAEIOCEQKcsxO/P/hPPrxS3rFTmBQSo+Plw+PAY+mn1mhqO3aE6derNh2KbzZb7719K13DxYh0t7NhRSoOiKGuzEqtNPhRlWAwCAQhAAAIQuCOBXpsPieWH/G3/uzw6Jv6T7PM3r5Dd2hn/Lw9r1x57+OEVQ4dGz5u36/r1m59FrK01h4ZuGTJk6Ysvbv3xRzO921MikYWEbCaEvPjiVnZzUNdKQojBwM2alTZkyFJ/f2VpaTWd+Icfrv2//7f5/vuXTpiw9tw5enGz48jy5YeGDFn6H//x0aFDF2jLJUsOsPFZkhS4JDqCwOfT6PX6N954w9/fPzQ09OLFmzfh/u1vf/v3/aGj//a3v9EB6+vr33zzTX9//7lz5zY0NNDK3/3ud0FBQY8//vhvf/vb7ds7UjQhpK6ubt68ef7+/s8///y5c+doJV4hAAEIiC7gjnyYnl7s768cNChyxIg4hSKX7qGo6OqECWsNBo6fDz09l9DbSuvrm4YMuRkF2Z4LC6/OmdPxWXb+n3Xr8vlv7ZalUqnderuVyId2WVAJAQhAAALuFOi9+dChAj8fOmyIgxCAAAQg0EsF3JEPw8NTKyoMbW3tZWX6gQMXE0I4zjJz5la9vuOGe34+DAzcEB9/pLGxOTJyn00+tFhuLFqUbTR2uom/sPDqP/956+MNohgjH4rCiEEgAAEIQMAVAeRDV/TQFwIQgAAEnBZwRz5sb7dmZJTNnbszMHADTYNxcYd0upt3pfDz4fHjVT4+q7y9FZs2nWL3l9IPGaalFbW0tNns8+9/32v38Wg2ze7oLfLhHXGhMQQgAAEI9IQA8mFPqGJMCEAAAhC4rYA78mFERMasWWkZGWUlJTqaBtnd/6yQmlrIX2ti4okFC7JojcVyY/fu8vZ2KyHkwoUf+c2CgpKt1o56Ef8gH4qIiaEgAAEIQMA5AeRD59zQCwIQgAAEXBRwRz4cOjS6tLTabLbk51cNGLAoJeUUWzTHdTygjD1gZvbszznOkpt70dtbUVFx8yPmhw9foiGwufn6/Pm7WV9CCPvuI36lK+VLDZcksZLSmlLHgwQHB4eFhTlug6MQgAAEIAABpwWQD52mQ0cIQAACEHBFwB35cM2ao8OGLRs1SpGVpQkJ2Tx9egpdcWamhl0/LCi4QgiZN2/X4MFyX9/VmZk3vyiJPdmMtgwKSubv9qmn1vDfdlcW+HyaxNOJklgJ/VHk3fxORbtjajSaSZMm2T2ESghAAAIQgIDrAsiHrhtiBAhAAAIQcELAHfnQiWX18i5KpbK4uLiXLxLLgwAEIACBviuAfNh3zx1WDgEIQKBPCyAf9unTh8VDAAIQgED/FOit+dBS9GnkrT8r937fmR/fb9HZA+8gAAEI9D0B5MO+d86wYghAAAIQ6PcCvTUfVud9edJg+deT4W5UFX9Tb3MikA9tQPAWAhCAQJ8TQD7sc6cMC4YABCAAgf4v0Fvz4bX6+naqb9YUaS22JwL50FYE7yEAAQj0NQHkw752xrBeCEAAAhC4BwR6az5k9PVnCi7cYO/+XUA+/LcE/i8EIACBviqAfNhXzxzWDQEIQAAC/Vigt+dD3eFD33aNhwT5sB//TmJrEIDAPSIgcj7Uamt9fFZptbV+fkr3CwqfXVun9V
<p blockindex=41>但是对case when套了&lt;&gt;进去，还是报错：</p>
<p blockindex=42><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABTAAAAJyCAIAAAB8OHjcAAAgAElEQVR4AeydCVxUVfv4p8+nt59W+utntxLEHAFRASN9FVMJl1z+uGb5YhpqiEVUYmmoEIqIiCgoiigairikQiCiuOQuLiAoBAS4W8oqy+zDZTt/8fAej/feGcaZ0YAePn2m5z732c733hnnmXvPuSL07H/e3kcjIy/jV128S0vlnTsvJ5aFhdJhwyLbt/eZMCFaLmexPien2MEhon17H1vb0JSUu1g5dOhmkcgL//f22/5YqXt275PekRmR+JVkL1OWJd9Idox2JBqEkKAlbQAyEAACQAAIAAGjE/jaY27wmnWx8UmHj5w8debihUsZqVeyMq7lZv6en5VzPTv3Rm7erT8K7uRdv5t3/W6t1r+KCgk2y7t+t6JSqtW2VutA/vhlMfdv57Wmf6yx4+3bt7Hg4BARF5eNZYRQYmIuljt18pNI1AghiUT95pt+WCkSeRFLTTJxr6hQEuNndec40pt0XqyXStWzZ8eGhJy7e7eSk+jhQwUpvlMnP35JdORmZbFYzLF5//33q6qqOEqWZbds2eLh4XHv3j16F989IiLCy+sJUmxMzCorK/v27aslwqJFi9zd3Y8cOfLHH38QL04Q/ibHko6PELKzs5NKpVipVjeeAAgh2oXImrITA+yLXxUKRVJSkpub25o1a7BGEB0nFx2BI4vF4rq6ukdf/1iW5WTUtLl7925OEM6mjY0NHrJSqbS2tubshU0gAASAgBYCIi37NO0KDT2HEMKvmmyIvqGhwclpG/1PoLPz7iVLjkulai+vw35+v2FLZ+fdd+5UKBSsn99vPXoEY2VExCUShwi6Zw+9FNpY5+NX4r4/d3+vjb1Ey54auKAlcQEBCAABIAAEgMDzINAiG/InA21gr8UsjrnGNjxRPZZIQ75z51Vz86D09PsKBRsfn7Nq1Rls6eKy18fnqExW7et7zMVlL0JIoWBFIi+VqgYhpFbXikReuGNHCL36qs+1aw8UCnb58hPY3dl5t4dHQmWlqrhY9uOPh5/VnVMt2VSpakQiL6WysQb676uvfp0xo7FI/CcSecXG/i6VqufNO/jppzuxkl/Sf811/X/v3r1zc3OVSuWGDRuwz7fffuvr6yuRSMrKygIDAxFCcrl85cqVKpVKIpFMnTr1wYMHJDrHnWVZe3v7mzdvEgMsiMXi5ORkuVzu7+/v4eFB9qrVarFYrFQ++ZnD1tY2Ly9PqVSmp6d37959794mAhxLpVIpFotxq1ldXS0Wi2UyGQnLEdzd3ZctWyaVSouLi0NCQhBCtDuOjN0Fs+P4pJPHwffv3y+VSuvq6jIyMvr06YOVfHRYz6HEKY9sfvDBB0eOHFGpVOvWrRs2bBjR4wpVKhXW4M3q6mpioEUYN27c5s2bVSrVzp07x40bp8USdgEBIAAEOASe6ks5+4yyGRJyztY2lG7IO3Xyq6xs/LArKZFbWzd+XiOEHB03Y0GhYF9/3RfLkZGXsWDc1wbUwGnIjRsfogEBIAAEgAAQ0IVAi27I82N9FuO/oKP3nxoNacgRQmvXnjczW9Gx4xJ39/iamsarjgihsjKFk9O2Dh18x43b/vChAiGEb3YbMyYKITRu3Ha8iY2XLz/RoYPvu+8GnjhxA2tKS+WTJ8d06OBrYxOSlVX0rO44CP/1zTf9RCKvd95puuGOGPz6azZ9nV8k8tq48eLrr/s6Om6+f1+iqSSsnzlzJomjXdiwYYONjc3gwYMvXLiALcvLy93d3W1sbEaPHp2Xl4cv8IrF4uvXr2/btk38+I/E5Ljv2bNnzpw5ZC8RxGJxTEyMjY2Ns7NzcXEx1i9YsABHE4vFCxYswMotW7a89957AwcO/O2332bOnOni4oIQCgkJIZa4o8abeJizZ8/Gm3Q6IiOEiouLZ82aZWNj4+TkhH8s0OTOz75p0yaSeunSpSTsxx9/7ODgYGlp+cEHH5BfDfjosD2HEgnCEVJSUsaMGdOzZ8+JEyf+/vvvZG/fvn3FYnH//v2xxsnJSSwWOzk5EQMtwq1bt6ZMmdK7d+9JkyYVFBRosYRdQAAIAAEOAaM15Lt2XbWxCXnllcVvv+0fEHASp8nIuG9nt7a0VE435K+99hO+U72iQtmhQ1PvTcpKT7/v6hqLN1evPov/Rf/ww03kXjJiyRGcnZ05Gi2b0JBrgQO7gAAQAAJA4MUQaNENuWYEdEOu2ap17KmpqXt0PZ/8lKBUNl5FJ1fvW+wYpk6dmp6ezilPpVJpv4LNsTd888svvzQ8CEQAAkAACPzDCRitIZ84MTo/v7S2tj47u/jllxc9vvOKHT9+e3Fx461NdENub78hOPhMVZVq8eIjnIacZesWLkyWSpvmHbm47P3jjxK5nPXyOjx27DYjHipoyI0IE0IBASAABICAfgSgIdePm7G87O03dO0aePZs05R4hNCQIREikZeFxSpjpXiRcaZMmSIWi4cOHfoik0IuIAAEgAAQMJCA0Rry+vqGuLjs2bNj7e034Pbb3/9EYWHT2h50Q37hwl1z8yATk4AtW1LJLesIoerq2piYDLVaYLEZiUTNad0NHfbTc8gNjAbuQAAIAAEgAAT0IAANuR7QwAUIAAEgAASAQFsiYLSG3M0tbvLkmLi47MzMQtx+kwXSiRAd/dTtVeHhF+fOTcQ0WbYuISGnvr5x5ZgbNx5iJVnUrbRUzjDLjMgdrpAbESaEAgJAAAgAAf0IQEOuHzfwAgJAAAgAASDQZggYrSHv2HFJVlaRQsGmpNx96aWFW7emEkZyeePaqjJZ0zKV06f/IpezJ0/eNDEJyM8vxWanT99qaGjsxlWqGg+PBKwcNiyysFAqk1V7eCQ4OzfzwAmSrlnhVuUt0TJRVkmWdsvhw4dPmDBBuw3sBQJAAAgAASCgNwFoyPVGB45AAAgAASAABNoGAaM15KtXn33jjaWmpgGJibljxkSNHLkVAzpwIJdcIb98+c9Hi3C6u8e3a+dtYbHqwIGmB5aSBVSxpYNDBPY9c+aWrW3oa6/9NHLk1gcPmlY61cRdx0XdwtPCRctE+L+AcwGaoiGEcnNzBwwYoMUAdgEBIAAEgAAQMIQANOSG0ANfIAAEgAAQAAJtgIDRGvI2wIIzhJCQkKtXr3KUsAkEgAAQAAJAwFgEoCE3FkmIAwSAABAAAkCglRKAhryVHjgoGwgAASAABFo9gZbakCtTf1785G/FoXtPk6Yfe3bs2PU+fUL/53+8xeKVixcfedqwpWzhtdPt7NY+74K++urX999fZ0iWmTNnksdx29vb41B1dXXz58/v1avX3Llz6+qaHvYuqDQkNfgCASAABIDA30IAGvK/BTskBQJAAAgAASCAWmpDXpGWdkvL4SEN+R9/lHTpsiIl5a5SWbNvX9bQoZu1eGnatXBhsqZduuh1ccdPF1coWF0CPpMNJ/vq1Wfpx8o8Uyhs7OPjo1AoEEIsyyYmNi18u2/fvmnTppWWlrq7u+/e3bSkjqBSj4zgAgSAABAAAn8vAWjI/17+kB0IAAEgAAT+uQRaakNelJ7+QMtRIQ35jBl7w8MvEsuQkHNE1lHIzS3p3Hm5jsZ8M93dDeyT+akfrzUjULyBie7da7od4fDhw7gzRwhNnTr1/PnzCKH09PQpU6bgYgSVgnWCEggAASAABFoyAWjIW/LRgdqAABAAAkCgLRNoqQ35nYyUa6dj1q3w81+99VBeVeMzUOg/0pB37x70559V9C4sV1WpJk3a0bHjkvHjt1dWqhBC/fqFvfOOf05OsbV1SIcOvv7+JxBCixYlk2Vf6T62qkr16ac7O3TwHTx44/XrZc/qzq8Hrx3L1+uY6HEnfL9fv7B27bxtbEJcXPZaWa3WVLxI5JWefr937zWvvurj7X2UJJ05cyaRdRG2b99OzPr3719ZWYkQkkgk/fv3x3pBJXEBAQgAASAABFoLAWjIW8uRgjqBABAAAkCgrRFoqQ35vfNxZwvK5CwrvX0swj/mmvJp8KQh/9e/FrNs05Rm2mTOnL
<p blockindex=43>那很有可能是既对=拦截又对case when等条件语句拦截。这下咋办？只能重新找一个函数啦。</p>
<p blockindex=44>几番搜索，找到一个函数INSTR，用于搜索子字符串的出现位置：</p>
<p blockindex=45><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABMYAAAI4CAIAAAAOJ3LIAAAgAElEQVR4AezdD1ST56E/8NdznEdG9Vgvs2LbWxvWFhH1dpvseqdUenQeWqDXdTdbXf+p66xdddu9N0pUBIxTkcSfCtrA1NRhW5Uh+AcRpSKCggKFQmqiUqizIYTyx+TlX0Ty/Ooe7+NLCDH/oIn7ejjvnjzv8/fzss2v75uEI4P/kUrzlMpSehy81f0zBgM/ceIG9lqnM86dq/TzWxMdreJ5M62vrdXPnr3Lz29NaKiiuLiBVpaX3/zJT3Z8//trfvzjHZWVX9NKx2eXFkiVFUp6ZLM3dzbnXssNV4WzGkKIzZbCBihDAAIQgAAEPC7w7vIVScn/73DWsRMnCz4tvFBysaLscnXFZ+qqzzXVtVdr1NfUV+q+0NZfudpw5WpDr90/ra23aLMrVxta24x22/Y6thFjSfohja2mX375pa1q1EEAAhCAAAT6CXD9XvV/oVAUEULosf8ZG68sFktk5F6Ok7BzYvGBuLh8o7FbIjkRH3+a1ovFB+rrWzs6zPHxp595JolWPvfcVqWytLPz9o4dJcHBybTS8dkVFxV31/mPI5v9kPpQcGowl9BvgzZbsi4oQAACEIAABIZCwLsjZd2RxE+u2No2IqUtFdRBAAIQgIC1QL/EZX3SmddyeVFoqEIYKcePj29r6yKENDXxISFyOlh4+Ae00NFhfuSRdbQ8fnx8S0snIaSr6/a//Eu8M9Paa2shFqtIaa81zkEAAhCAAASGRsC7I2XD8W05Nm9HIlIOza8DRoUABCDwsAk4HSkzMiqnTpWPGhU7YUKiTFZAPSoqbs6Ysc1g4IWR0t9/LX3etbW1c8yYe+mR+ZWX31y8+DB9qVSWLliw56uv2vbvr/jLXy6xNjYLYrHYZr3NSkRKmyyohAAEIACB4RTw7kg5qAQi5aA0OAEBCEAAAgIBpyNlTIxKozH09vbV1OhHjlxNCOF5c1TUPr3eRAgRRsqwsJ1JSYXt7V2xsSetIqXZfGfVqlyjsZuupLPz9ptvHvzFL/ZHRCg7O28LluduEZHSXUH0hwAEIAABtwUQKd0mxAAQgAAEIOC9Ak5Hyr4+S2ZmzZIlh8PCdtIAmZh4Rqcz0i0KI2VJSYNItDkwUJaWVsYefCWE9PT07t9f0d19/2MD3nzz4MWLXxFCNm06+9ZbBz2ohUjpQUwMBQEIQAACrgkgUrrmhl4QgAAEIOATAk5HyqVLMxcu3J+ZWVNVpaMBkuMkVj8qVblw8ykpF1asyKE1ZvOdI0dq+/oshJBr176hlY88sq6r6+7NSZ43+/uvFfZ1s4xI6SYgukMAAhCAgPsCiJTuG2IECEAAAhDwWgGnI+XYsXHV1Y0dHebi4oYRI1alp5exvfG8meMkJlMPrVm06GOeNxcUXA8MlGk0Blp59mydxXI3T3Z13V6+/AitfP757Vu2FHZ23t616+Lzz29nA7pZqGur4xK46qZq++NERERER0fbb4OzEIAABCAAAZcFECldpkNHCEAAAhDwfgGnI+XWrefGjVs/aZIsJ0e9YMGeefPS6Sazs9XsXmVp6Q1CyLJlWaNHS4OCtmRnqxkEa8Nxktmzd9F6jcYwe/au739/TVjYzpoaPWtss+Dgx/OkXErhEjj6IyuS2RyKVqrV6pkzZ9ppgFMQgAAEIAABdwQQKd3RQ18IPAQCYrG4paWFENLbe/+dX2xfzc3Nf/nLX9jL1atXf/755+ylsGA2m19++eWmpiZhpbB89OjRTz75RFjjTvnMmTM1NTV0hOXLlz9wKI1Gk5qaaqfZmTNnNmy4/yX2hBCLxVJaWtrX12fVa82aNWVl929cWZ3FS28TcDpSetsG3F+PXC6vrKx0fxyMAAEIQAACELAp8DBFyqSkpKeffppu8/r16z/+8Y+vX7/+s5/9zObGh7/yn3lJXrh3m78AD986B9vRnj17WB579dVXqcZ7772XlZU1UOZ///d/jxy5+/ieTqd7//3379y5Q+MWbanT6fL/8Sc+Pv5Xv/oVLefn5+fl5UVHR1+5cv+bZaVSaUNDQ3d398mTJ3P7/3n77bdv3Lh718dgMLARhIWcnJyXX36ZtqHzvv322zdv3qTlJUuWEEJqa2uzsrKOHz++Z8+egbv4dv3vvPOO2Wy2eYoQsnLlyhMnTjQ3N1++fFmlUsXFxS1fvnzFihVWEZrn+alTp2ZlZdEdJCYmnjx5UjimTfOnn346Kenel94LG6M8DAKIlMOAjCkgAAEIQOCfWsBrI6VZd+nQri0J6+M37zp4qdH6E9dtfonIk08+WV197x0lGzdu/PDDD+lxSC/w0aNHly1b9vzzzz9wlqFYks3ZbVbaXJ6nlvTnP//55z//uc0paKXjE7W0tJw5c8bqXT937tz5/e9//8QTT7zzzjvsTprNlleuXHn55ZefeOKJOXPmsPtINrvbXK3j67TZfdgqHV/nYC3NZvPcuXPpfQv6kN3ly5d/97vfscTV1dV1+vRpGupSU1OVSmV+fr5UKj1+/Hh+fv6+ffuioqJMprtfqXD79u1bt25ZLJZ58+a1tbXZRNDr9bm5uZGRkSdOnPjTn/5Eo+Af/vAHQgg9sl537txpbm6mL7/55pu3336bnRIWrly58sknn7S1tV2+fDk3N/ell16Sy+V79+7NyMgoLCz885//zBqnpKSwaHrq1ClW3rdvn/CWKc/zr7zySmdn57Vr15qbmz///HOrO5ZsQIVCsWXLFvpeObPZ/NJLL/39739nZwkhNs1ra2v/9V//VdgM5WETQKQcNmpMBAEIQAAC/6QC3hopmwq2bTxQbui+3d1U+mHi/yu497EH/3eVbEbKgICA/ztPdu/eTci9I6scisLly5d3794tnJrOkpiYaDXdUCzJ5uw2K60WQ196akkqlWqggHBGxyfKycmZNWuW1WgHDhz4z//8z6amprfeekulUtGRbbZcunTpjRs3Ojs7k5KSwsLCaEub3YXLY2XH18m6fCcFx9dpp+XFixfLy+9+aKVYLO7s7FQqlVZPeDY1NaWlpdEMlpiY2N7eTjfb0dFRVFRktfHc3NyNGzcSQl577TWWCVmb3t7ey5cvJycnf/HFF4SQnJyc3NzcV199lR0VCsXAOPr3v//9/fffZ4OwQl9f38GDd7+FYcuWLWlpad98881vf/tbQsjZs2czMjLkcjnP87Tx2bNnN23axDoKCzKZrLCwkNWkpaVlZGSwl1euXLEZKa9evZqamtrS0rJjxw5CyLp1606cOMF60cJg5la/1Va98HLoBBAph84WI0MAAhCAAATuCnhrpKzP2bCnvOsf16i3er/saEP/y/XASNm/+ZC/svrLokajCQkJGfJZ/28Cq9lptc3K/+vh+f/04HQWi8VqtJiYGPq3/7KyspdffpmtfmBLdnuzs7Pzqaeeoi0H687GsV9obGy038Dnzra3t7Obdfn5+S+++OKxY8dozY4dO/72t7+xHdEHSgkhtHD58uVTp04ZjcaFCxcK8+ft27cjIyNpJoyKimLdhYU///nPf//731966aXe3l761sf/+Z//IYT86U9/og+d0udphV1qa2ulUimr6evro22uXr26ePHiXbt2vfvuu/Qx2pdffnnLli1ZWVkZGRk0bdJeH374Ib2/Ktxvfn7+/v37IyIiurvvfQt9V1fXiy++uHbt/W92sBkpb926lZGRQe9PfvbZZ9HR0fv27WPLe2DB6rf6ge3RwFMCiJSeksQ4EIAABCAAAdsC3hopLd+U79/5YWFdu7m96mhWRcvdD2QX/BkYKUtLS4ODgwVNrIs5OTk/+9nPnnrqqZaWlvnz50dGRtIWt27dWrx48eTJkyMjI+vq6mjl4cOHf/KTnwQGBoaGhr7xxhuEkJiYGPY3wpdeeomVaXvhyw0bNgQI/livY8Brq8/2e/HFF6dMmXLlypWf/exnkydPTk5Odmp2NrxwSazSkUJXV9fq1aunTJny7LPP7t27l3a5devWG2+88fTTTy9atIjdrWpubhaLxd++fz
<p blockindex=46>这个函数是可以利用的，只是过程稍微麻烦些。至于如何利用呢——我们做一道小小的数学题即可：</p>
<p blockindex=47>' || 1/(1-INSTR(USER,'a')) || '</p>
<p blockindex=48>由于INSTR会返回整个字符串中子串出现第一次的位置，所以我们只需要同时爆破被减数与子串，即可定位整个用户名字符串：</p>
<p blockindex=49><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABDgAAALpCAIAAADZwAFoAAAgAElEQVR4Aey9C3wc1X3oP/f2tre3z9tHbnLb3N625qZN0wC2gYIa8iA0r97+k5u0CRhokypZv0EqRo0FRsS6sR0srAoijIvtyC8esRMHghEvA+HtgAkEY2StJHvlhyywZHtjwEh8Pvrfmdk5c2b27M5qNbN7Zue7n/OxzvzmzO/8ft/zm3POb/Zh452xcQoEIAABCEAAAhCAAAQgAAGtCBhvvX2aAgEIQAACEIAABCAAAQhAQCsCxul33qFAAAIQgAAEIAABCEAAAhDQioDxztgYBQIQgAAEIAABCEAAAhCAgFYEjLHxcQoEIAABCEAAAhCAAAQgAAGtCBjv8oIABCAAAQhAAAIQgAAEIKAZgXISlWnTzgj0opQ2hZSUfm3pLQv1lS+PQmd+L0ggAAEIQAACEIAABCAAgSIEjHfeGZtsmTbtjMBLSmlTSIl97bRpZ8hF2bi8XmS1dl1WXp5OWQN1CEAAAhCAAAQgAAEIQGCKBIy33z5dvPi29W+/fXratDOUl/hayofK9kqhUC4qvh5ltcq6Um2+UNYvd+GT51+IBAIQgAAEIAABCEAAAhCImoDxi1NvlVKmTTtDNPOlB0IuV+T2sjywLi4UlV+cekuuCw1KoTgbWPFdLg5FJVADDSAAAQhAAAIQgAAEIACBiAgYJ7OnSinTpp1hNxOVk9lTct2npMgpX0v50E6BREdyRiQ3k7uW20yqU/lCn0JfXxxCAAIQgAAEIAABCEAAAhUmYIwcP1lKmTbtjJHjJ+V/xaF9ubzvV9YDe/EpF2qVF9qN5VP5Evmsry439vUrn/JdxSEEIAABCEAAAhCAAAQgUBkCxuvHjpdSpk07QzQTdVERp0SlyCnRRlmxL1SmOqK9fVYcvn7s+KS6E13YGpSHsnLqEIAABCAAAQhAAAIQgECFCRhHXx8ppUybdoZoZtdliX1KlhSqCyWFKvKFR18f8R0KiS1X5jOFNOfLhRKhVq7kt0cCAQhAAAIQgAAEIAABCFSGgHF46PVSikgJ7MbTpp2Rf5UsLFTPv8on8V1o9+trc3jodblZ/mF++0ISoSe/UugS5BCAAAQgAAEIQAACEIBA1ASMzMGjxYudKshtpk07I3PwqP1vvtyWyGflutxeWReN7Yr8r9xeNMvvTm5WvO5TMhVVxTviLAQgAAEIQAACEIAABCAwKQLG/syRSZVp084Q7eX6/swR8a5LfkVcElixdQrN+RVbg5ArDwN7sa1VNvNpVrZBCAEIQAACEIAABCAAAQhESsDoGzhYepk27Qxf43yJr0HfwMFS2oirfI19h8pmdl4kTpVSUaoV+VUpGmgDAQhAAAIQgAAEIAABCERHwNjXl6FAAAIQgAAEIAABCEAAAhDQioDxWu8BCgQgAAEIQAACEIAABCAAAa0IGHv37adAAAIQgAAEIAABCEAAAhDQigCJCnkaBCAAAQhAAAIQgAAEIKAdARIV7YZEq0QWYyAAAQhAAAIQgAAEIFAVAkb//kMUCEAAAhCAAAQgAAEIQAACWhEwbl69gQIBCEAAAhCAAAQgAAEIQEArAsY4LwhAAAIQgAAEIAABCEAAApoRIFHRbEAwBwIQgAAEIAABCEAAAhAYHydRIQogAAEIQAACEIAABCAAAe0IBCcq77wztnHrj7/w1as+eOHn/+S8z2pbPnjh57/w1as2bv3xO++MjY+Pj42NPfb4k8u/s2rBVdfMntegSVlw1TXLv7PqscefHBvT18gyWOFXGdCivsQ3KNrNPRgEAQhAAAIQgAAEihIISFTeeWfsG1ffcP7nLuu6+97X+jJvnR7Ts/zirdMv7013rL3jLz/+xW9cfcPp0+/c0rlm0b9e9+hjTxw+cnR8/F0dyjvvjGUyB+/b8cCCKxfd0rnmnXd0NLIMUPhVBrSoL/ENip0YF50KOAkBCEAAAhCAAAT0IhCQqGy4+57zPn1p/8Gh0eybsSgv7un90IWfv7b1pqsavzn8+rE33zqtYRkYyMye09B56+06G1kGN/wqA1rUl9iD8vAjj+k18WANBCAAAQhAAAIQCCIQkKh87pLZnd/beuSNkzEqy2/+3lkf/f9+fN+DJ07+Qtty1/e3/+PX5mpuZBn08KsMaFFfctf3ty++dmnQVMB5CEAAAhCAAAQgoBeBgETljHM+/dQLrw4cPhaj8uizL/2PD39872vp1984rm35+SuvfekfrtDcyDLo4VcZ0KK+5OevvDbr8q/rNfFgDQQgAAEIQAACEAgiEJCo/Pc//+uf7Rt8df9QjMqLPZn//ud/PXhw6MjRY9qWzOCRv/v8JZobWQY9/CoDWtSX2IMSNBVwHgIQgAAEIAABCOhFICBRee8HLti972Dsyns/cMHhoTc0L5/53N9rbmF55uFXedwiveozn/t7vSYerIEABCAAAQhAAAJBBAISlf827bxdew/Ervy3aecdOvK65uXiT31BcwvLMw+/yuMW6VUXf+oLQVMB5yEAAQhAAAIQgIBeBAISlff8yTlPvzKgKDuu+7Dhe116k7LlZIWm5qmqes+fnHPw8HB+mekz2Tw8t+UpRcv8a0OXfPyi/63W+dTSPDsnb6Sp5IpNPghKoa/NlA+r4NckbL7zsnJHvKBfdu+eUcsjX8TCigzKJz75d3pNPFgDAQhAAAIQgAAEgggEJCq//8czf/JSn6Lce+1fGpfcKJ268UuGcda1WySJ4qpSzgrNolLKVd42v//HM9U5gLunnMxWssguM/9UyfvOCz/2WbWR+Ro2X1F+QpWvLd/mUCXR+jVVd8pPVAr6dXj4oDlAxmWbnYw3cLym6oXTUckD99GPfy5oKuA8BCAAAQhAAAIQ0ItAQKLye380/dEX9inK9sUfMr6yQj6VL5HPll4XekSl9Gudlr/3R9MHDx0tWJ40323YWKTBVE6VrLzurz+ttlCh4dnrzzFmbSrsURGDFdrK0lOkC++paP2aqjt3zDLOvf7JcggU9OuQYnSeuOFc45ylT3jJuMM9VS8mbX/dRz6t18SDNRCAAAQgAAEIQCCIQECi8rvvP+uhn76mKD/45l8YX/62fMoj+ffP5T5kJbXp+LLzwavpc35g6ZQvEXWr8tBPhQancf7lcu/e+u++/6zMwaGC5clvzTQu3+BrsOlyxzzDuGyLee2T35o58/JZ5sewrMbmVdbrsm9dP9OYtcnWv2VW7jJboTg85/onCxtgdX3eX31SbaHCvGfcHoUZhtSFa7wjtJRkDnrtkTXn67HOXt9yju3QzJZncublK/eh8x6W6ZfbS47/hsucgbD0/6TlHHNcirtwcCiTp8f0Qggvu3yW4CaEQuJ1xDc6k/HLCp6c2meun3nO9S1OdJmhVYVB+avzLw6aCjgPAQhAAAIQgAAE9CIQkKj81z/48I5nX1WUrf/6QeMflkqnln7BML6wxmrZ/Y0PG59pN6+6/aqzjQ//6+1mszWfMc7+xlZLVfs/5ISyElHPrxS6XOrdZ+F//YMP+3aZnkN5s5vbm5p7x1zuYe5fre2+tZWXExK7bu6Yc43d/MEUzvzWT+z0Jj8LUu2AZ57zcY9Vok2+eaZJbiIk2SmETn6y6XK/GbI2t+7z183EcvmJp8c85cJUVSUMvwR/28GhzEEHdXEXrBxA4mNb7jprjZ0QhuSXYO6hITo1LZeHzyTsemGnNGIc5SAMc1DOOfcTek08WAMBCEAAAhCAAASCCAQkKr/9vg/d89QrinJX05/n3knI/fnzK3fkmpmn/r4ld9XqTxtn19/1yj1Prf60YXy6zatKbinq+RVTlepypWGW8Lff96EDg0MFyxPmOypdBRtsmWWcs+SJoQNmM6syOHRgo5kAPJ67xNqDbrQbCD3yVUJY2IbBobOnX6i20OzX93LM8Fju9Djo2CN7JFqKyqBksCw0L8/z122gUi53lFcvxy+PEseewWeWzDRmbbQYCnvyK+a14hIZuCP0j50NMzy/PPqFAUK/5MXg0OPmZ/i2WKHlBElxj8yz+a
 </div>
 <div class="post-opt mt-30">
 <ul class="list-inline text-muted">
 <li>
 <i class="fa fa-clock-o"></i>
 发表于 2024-06-13 09:00:02
 </li>
 <li>阅读 ( 490 )</li>
 <li>分类：<a href=https://forum.butian.net/community/Pen_Testing target=_blank rel="noopenner noreferrer">渗透测试</a>
 </li>
 </ul>
 </div>
 </div>
 <div class="text-center mt-30 mb-20">
 <button id=support-button class="btn btn-success btn-lg mr-5" data-loading-text=加载中... data-source_type=community data-source_id=3078 data-support_num=6> 6 推荐</button>
 
 <button id=collect-button class="btn btn-default btn-lg" data-loading-text=加载中... data-source_type=community data-source_id=3078> 收藏</button>
 </div>
 </div>
 
 <div class="widget-answers mt-15">
 <h2 class="h4 post-title">0 条评论</h2>
 <div class=comment>
 </div>
 
 <div class="widget-comment-form row mt-20 mb-20">
 <div class=col-md-12>
 请先 <a class=a_unLogin href=https://forum.butian.net/login>登录</a> 后评论
 </div>
 </div>
 
 <div class=text-center>
 
 </div>
 </div>
 </div>
 
 
 </div>
 </div>
</div>
<footer id=footer>
 <div class=container>
 <div class=text-center>
 <a href=https://forum.butian.net/>奇安信攻防社区</a><span class=span-line>|</span>
 <a href=mailto:butian_report@qianxin.com target=_blank rel="noopenner noreferrer">联系我们</a><span class=span-line>|</span>
 <a href=https://forum.butian.net/sitemap>sitemap</a>
 </div>
 <div class="copyright mt-10">
 Copyright © 2013-2023 BUTIAN.NET 版权所有 <a href=https://beian.miit.gov.cn/#/Integrated/index>京ICP备18014330号-2</a>
 </div>
 </div>
</footer>
<div class="modal fade sf-hidden" id=sendTo_message_model tabindex=-1 role=dialog aria-labelledby=exampleModalLabel>
 
</div>
 <div class="modal fade sf-hidden" id=send_report_model role=dialog aria-labelledby=exampleModalLabel>
 
</div> <div class="modal fade in sf-hidden" id=payment-qrcode-modal-article-3078 tabindex=-1 role aria-labelledby=exampleModalLabel aria-hidden=false>
 
</div> 
 
 <div style="display:none;position:fixed;top:40%;left:50%;z-index:9999;transform:translate(-50%,-50%);padding:3px 15px;border-radius:8px;background:rgba(120,120,120,0.7);box-shadow:1px 1px 3px 1px rgba(160,160,160,0.6);text-align:center;font-size:12px;color:#fff"></div><div id=windowLoading class="modal fade sf-hidden" tabindex=-1 role=dialog>
 
 </div>
 
 
 
 
 
 
<span id=cnzz_stat_icon_1279782571></span>
<div class="geetest_panel geetest_wind" style=display:none></div>