Contents
1. SQL injection bypass
2. File upload bypass
3. XSS bypass

1. SQL injection bypass

WAF bypass: basic analysis and principles; analysis of injection methods for bypassing a WAF
https://blog.csdn.net/qq_53079406/article/details/123147690?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165302812016782395326526%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165302812016782395326526&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-1-123147690-null-null.nonecase&utm_term=waf&spm=1018.2226.3001.4450

Did you get past the WAF? There is no retreat
https://blog.csdn.net/qq_53079406/article/details/123162648?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165302812016782395326526%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165302812016782395326526&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-2-123162648-null-null.nonecase&utm_term=waf&spm=1018.2226.3001.4450

2. File upload bypass

File upload [WAF bypass] [Burp Suite is the way to go]: data overflow, symbol and character mutation ...
https://blog.csdn.net/qq_53079406/article/details/123525882?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165302812016782395326526%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165302812016782395326526&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-3-123525882-null-null.nonecase&utm_term=waf&spm=1018.2226.3001.4450

3. XSS bypass

[XSS bypass with tools] XSS: Burp Suite, front end, dictionaries ...
https://blog.csdn.net/qq_53079406/article/details/123901334?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165302812016782395326526%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165302812016782395326526&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-15-123901334-null-null.nonecase&utm_term=waf&spm=1018.2226.3001.4450

[XSS bypass collection] General testing steps, trigger events, interference, encoding ...
https://blog.csdn.net/qq_53079406/article/details/123901260?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165302812016782395326526%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165302812016782395326526&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-16-123901260-null-null.nonecase&utm_term=waf&spm=1018.2226.3001.4450