Hello all,

Welcome to HaxWorm, the place where we show you the way to play with security.

Recently I posted Sql-Injection-Tutorial-Part1.

Now I'm going to share how to bypass WAFs.

WAF stands for Web Application Firewall.

I'm assuming that you all know about SQLi. If not, please read Part 1 first.

Now,

I'll show how to get around the things that are being filtered.

  • Spaces
    Use /**/ (an inline comment) instead.
  • , (commas)
    Use the URL-encoded form %2C instead.
  • What if UNION and SELECT are both not allowed?
    Write the query like this: Union (select x,y,z)--+HaxWorm
  • What if CONCAT is not allowed?
    Use CONVERT, UNHEX(HEX()), CONVERT ... USING latin1, CONVERT ... USING binary, AES_DECRYPT(AES_ENCRYPT()) and so on.
  • What if the query will not execute?
    Use # (%23) to comment out the rest of the query.
  • In case none of these tricks work
    Use JOIN-based queries such as (JOIN (SELECT x) y).

and so on.
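As an added example from the defender's side (not code from the original post), here is a Python comparison of a naive keyword blocklist applied to the raw request value against a check that canonicalizes the value first. The sample payloads are constructed from the tricks listed above; the function names, the signature lists and the benign sample are my own assumptions, not any real WAF's rules.

```python
import re
from urllib.parse import unquote_plus

# Constructed examples of the obfuscations the post lists, plus one
# benign value, used below to compare the two inspection strategies.
SAMPLES = {
    "comment_as_space":   "1 union/**/select 1,2,3",
    "union_paren_select": "1 union (select 1,2,3)--+x",
    "url_encoded":        "1%20union%20select%201%2C2%2C3",
    "no_concat":          "1' and convert(unhex(hex(version())) using latin1)%23",
    "join_subquery":      "1 union (select 1) a join (select 2) b",
    "benign":             "red shoes, size 10",
}

# A naive blocklist applied to the raw parameter, the kind of filter the post
# is evading: it only knows "union<space>select" and "concat(".
RAW_SIGNATURES = [r"union\s+select", r"concat\s*\("]


def naive_flags(raw: str) -> bool:
    """Match the blocklist against the request value exactly as received."""
    return any(re.search(p, raw, re.IGNORECASE) for p in RAW_SIGNATURES)


def normalize(raw: str) -> str:
    """Canonicalize a request value before inspection.

    Each step undoes one evasion from the post: percent-decoding restores
    commas (%2C) and spaces (%20), inline /**/ comments become a space,
    and whitespace runs collapse so "union/**/select" and "union  select"
    look the same.  Comment markers (-- and #) are kept as characters;
    nothing is discarded, only rewritten.
    """
    s = raw
    for _ in range(3):  # decode repeatedly in case the value was encoded twice
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.DOTALL)  # /**/ -> single space
    s = re.sub(r"\s+", " ", s).strip().lower()
    return s


# Signatures written against the canonical form: they tolerate parentheses
# between UNION and SELECT and cover the CONCAT substitutes the post names.
NORMALIZED_SIGNATURES = [
    r"\bunion\b\s*\(?\s*select\b",
    r"\b(concat|convert|unhex|aes_decrypt|aes_encrypt)\s*\(",
    r"\bjoin\s*\(\s*select\b",
]


def normalized_flags(raw: str) -> bool:
    """Match signatures against the canonical form of the value."""
    s = normalize(raw)
    return any(re.search(p, s) for p in NORMALIZED_SIGNATURES)


def compare(samples: dict = SAMPLES) -> dict:
    """Return {name: (naive_verdict, normalized_verdict)} for every sample."""
    return {k: (naive_flags(v), normalized_flags(v)) for k, v in samples.items()}


if __name__ == "__main__":
    for name, (naive, norm) in compare().items():
        print(f"{name:20s} naive={naive!s:5s} normalized={norm}")
```

Every obfuscated sample slips past the raw blocklist and is caught after normalization, while the benign value is flagged by neither. Decoding before matching is what makes the difference; a filter that inspects the wire form of the parameter is matching a different string than the one the database will see. Normalized signatures are still only a detection layer: the query stays injectable until the application switches to parameterized statements.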

SQL WAF bypassing is ultimately your own idea of how to get past the things that are being filtered. Anyway, I hope you have enjoyed it.

If you still didn't get it, please let me know in the comments and I'll get back to you as soon as possible.

This post is written by Muhammad Adeel. He is a security researcher and a programmer in C++, C, Python, Ruby, HTML and a bit more ;)
