wonderkun.cc wonderkun.cc

WONDERKUN.CC

wonderkun's|blog | share with you!!

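This is a MySQL injection-bypass challenge, and a relatively simple one. Since I have recently been studying techniques for bypassing regex-based WAFs, I will use this challenge as a lead-in to the various techniques below. Sanitize($_GET['name']):die(); $query = 'select intro from baimaozi where name= ' .$name.' ' or nick= ' .$name.' ' limit 1'; echo $query; if (preg_match('/[ a-zA-Z0-9 ]union[ a-zA-Z0-9 ]/i', $name) preg_match('/ union[ a-zA-Z0-9 ]/i', $name) { echo not allow; exit; } $result = mysql_query($query); $row = mysql_fetch_array($result); echo $row[0];. As you can see, single quotes, double quotes, /, * and the dot are filtered. The variable is wrapped in single quotes, yet single quotes are filtered out of the injected input, which raises a question: how do you close the single quote without a single quote? Name=o...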

http://www.wonderkun.cc/


TRAFFIC RANK FOR WONDERKUN.CC

TODAY'S RATING: >1,000,000

TRAFFIC RANK - AVERAGE PER MONTH, BEST MONTH: July

AVERAGE PER DAY OF THE WEEK, HIGHEST TRAFFIC ON: Monday

CUSTOMER REVIEWS

Average Rating: 3.9 out of 5 with 17 reviews
5 star: 8
4 star: 4
3 star: 3
2 star: 0
1 star: 2


LOAD TIME

3.7 seconds


CONTENT

SCORE

6.2

PAGE TITLE
wonderkun's|blog | share with you!! | wonderkun.cc Reviews
KEYWORDS
1 wonderkun's blog
2 share with you
3 hack ctf
4 linux
5 recommended sites
6 our story
7 technology sharing
8 resource sharing
9 Three White Hats: I Am Li Leilei, Looking for Han Meimei, series 1–writeup
10 written by wonderkun
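KEYWORDS ON PAGE
wonderkun's blog,share with you,hack ctf,linux,recommended sites,our story,technology sharing,resource sharing,Three White Hats: I Am Li Leilei, Looking for Han Meimei, series 1–writeup,written by wonderkun,looked at the first filter and then at the SQL statement constructed below,name=,the printed SQL statement is as follows,the SQL statement is as follows,0x2 injection is now possible but how to get the data out,look at this regex,so there are only two possible ways to bypass union,name starts with union but the character after it is within the a za z0 9 range,there are two solutions,do you see it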
SERVER
Apache/2.4.7 (Ubuntu)
POWERED BY
PHP/5.5.9-1ubuntu4.20
CONTENT-TYPE
utf-8

INTERNAL PAGES

wonderkun.cc wonderkun.cc
1

wonderkun's|blog ‹ Log in

http://wonderkun.cc/index.html/wp-admin

← Back to wonderkun's blog.

TOTAL PAGES IN THIS WEBSITE

1

LINKS TO THIS WEBSITE

bear2.cn bear2.cn

bear2.cn

http://bear2.cn/page/3

Web service series, part 2: several web service implementations in the broad sense. Web service series, part 1: what is a web service.

bear2.cn bear2.cn

201609 - bear2.cn

http://bear2.cn/record/201609

The original article is from Zhihu: https://zhuanlan.zhihu.com/p/22298664 .

bear2.cn bear2.cn

Advanced Python study summary - 1

http://bear2.cn/post/25

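PS: "advanced" here is relative to Python's most basic syntax. If you want to go further and use Python to develop something like OpenStack, I recommend Python高手之路, whose English title is The Hacker's Guide To Python. Kwargs lets you pass a variable-length set of key-value pairs (key, value) as arguments to a function. Another arg from argv:". Arg from argv 1. Arg from argv 2. First normal arg: 1. Another arg from argv: 2. Another arg from argv: 3. As the code shows, *args and **kwargs make it easy to pass a variable number of arguments to a function, which are then read out one by one through matching parameter declarations or a for loop. In addition, if the function has a form like test args(f arg, *argv), the first argument passed in can be read out directly. See https://docs.python.org/2/library/pdb.html. Or https://docs.python.org/3/library/pdb.html.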

bear2.cn bear2.cn

Thoughts after reading "Everyone Is a Product Manager" (《人人都是产品经理》)

http://bear2.cn/post/33

bear2.cn bear2.cn

201608 - bear2.cn

http://bear2.cn/record/201608

Referred to this article: http://bbs.chinaunix.net/thread-4244844-1-1.

bear2.cn bear2.cn

201604 - bear2.cn

http://bear2.cn/record/201604

bear2.cn bear2.cn

[Welcome] Welcome to Bear Paradise

http://bear2.cn/post/22

A wiki-style Python learning site under construction, Python Docs Library (Pyhon文库网) http://pydocs.cn. « Part 1: A brief introduction to Protocol Buffers.

bear2.cn bear2.cn

Advanced Python study: one-liners summary

http://bear2.cn/post/28

Python -m SimpleHTTPServer # Python 3. Python -m http.server. Pprint my dict = { 'name'. Cat file.json python -m json.tool. Python -m cProfile my script.py. Python -c "import csv,json;print json.dumps(list(csv.reader(open('csv file.csv') ) ". You can quickly and easily flatten a list by using itertools.chain.from_iterable from the itertools package. A list = [ 1, 2], [3, 4], [5, 6]. Print(list(itertools.chain.from_iterable(a list) ). Output: [1, 2, 3, 4, 5, 6]. Print(list(itertools.chain(*a list) ). Output: [1, 2, 3, 4, 5, 6].

bear2.cn bear2.cn

Micro-posts - bear2.cn

http://bear2.cn/t

TOTAL LINKS TO THIS WEBSITE

20
