A industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. 一款工业级免费、高性能、高扩展,支持AI和语义引擎的Web应用和API安全防护产品-南墙。Web应用防火墙、WAF、WAAP
如上图,响应包存在以下文本
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ']-(SELECT/**_**/0/**_**/WHERE/**_**/1028=1028/**_**/AND/**_**/6204=(SELECT/**_**' at line 1
同时,我已经将“SQL报错检测”的默认策略改为响应包长度大于2如下图
You have an error in your SQL syntax(?: near|;)该正则未正确判断响应包中敏感信息
Safe3
commented
2 months ago
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ']-(SELECT/**_**/0/**_**/WHERE/**_**/1028=1028/**_**/AND/**_**/6204=(SELECT/**_**' at line 1同时,我已经将“SQL报错检测”的默认策略改为响应包长度大于2如下图You have an error in your SQL syntax(?: near|;)该正则未正确判断响应包中敏感信息再次建议将本策略改为兼容pikachu等等靶场的策略,以增加甲方采购前试用的竞争性