
Sunday, 3 June 2012

HOW TO BYPASS WEB APPLICATION FIREWALL WHILE SQL INJECTION


1. Comments


They allow us to bypass a lot of the restrictions of web application firewalls and to cut off certain SQL statements, so that the attacker's commands execute while the actual legitimate query is commented out. Some comments in SQL:


//; --; /**/; #; -+; -- -;


2. Case Changing


Some WAFs filter only lowercase attacks, so if we change the case, we could bypass them. Example:


http://example.com/index.php?id=1/**/UnIoN/**/SeLeCt/**/1,2/* <- I also implemented comments here.


3. Inline comments





Some WAFs filter keywords with a pattern like /union\sselect/ig. We can bypass this filter by using inline comments most of the time. More complex examples will require a more advanced approach, like adding SQL keywords that will further separate the two words:

id=1/*!UnIoN*/SeLeCT

As you can see, our query is between /*! and */; code placed between these characters will still be executed.
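
Seen from the defending side, all three techniques work because the filter matches the raw request string instead of what the database will actually parse. The following Python is an added example, not code from the original post: it canonicalizes a parameter value (URL decoding, comment handling, case folding) before applying a signature. The function names, the rule and the sample table are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# The two filters the post describes: lowercase-only and /union\sselect/i.
LOWERCASE_ONLY = re.compile(r"union\sselect")
CASE_INSENSITIVE = re.compile(r"union\sselect", re.IGNORECASE)

# Signature applied after canonicalization (hypothetical rule for this example).
CANONICAL_RULE = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b")

# MySQL executable comment, e.g. /*!UnIoN*/ or /*!50000 code */
EXEC_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.DOTALL)
# Ordinary comment, including one left unterminated at the end of the value
PLAIN_COMMENT = re.compile(r"/\*.*?(?:\*/|$)", re.DOTALL)


def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Reduce a parameter value to roughly what the database would tokenize."""
    for _ in range(max_rounds):
        before = value
        value = unquote_plus(value)               # undo (possibly nested) URL encoding
        value = EXEC_COMMENT.sub(r" \1 ", value)  # body is executed, so keep it
        value = PLAIN_COMMENT.sub(" ", value)     # a plain comment acts as whitespace
        if value == before:                       # stop once nothing changes
            break
    return re.sub(r"\s+", " ", value).strip().lower()


def is_suspicious(value: str) -> bool:
    """True when the canonical form matches the UNION SELECT signature."""
    return CANONICAL_RULE.search(canonicalize(value)) is not None


# Constructed samples: the two parameter values shown above plus benign input.
SAMPLES = {
    "1/**/UnIoN/**/SeLeCt/**/1,2/*": True,
    "1/*!UnIoN*/SeLeCT": True,
    "42": False,
    "credit union": False,
}

if __name__ == "__main__":
    for raw in SAMPLES:
        naive = bool(LOWERCASE_ONLY.search(raw) or CASE_INSENSITIVE.search(raw))
        print(f"{raw!r:40} naive={naive!s:5} canonical={is_suspicious(raw)}")
```

Both naive patterns miss the two values from this post, while the canonical form is flagged. Signature matching is only a detection layer; the query itself should use bound parameters.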
