HOW TO BYPASS A WEB APPLICATION FIREWALL DURING SQL INJECTION
1. Comments
Comments let us bypass a lot of the restrictions of web application firewalls and cut off part of an SQL statement, so that the attacker's commands execute while the actual legitimate query is commented out. Some comments in SQL:
//; --; /**/; #; -+; -- -;
2. Case Changing
Some WAFs only filter lowercase attacks, so if we change the case, we could bypass them. Example:
http://example.com/index.php?id=1/**/UnIoN/**/SeLeCt/**/1,2/* <- I also used comments here.
3. Inline comments
Some WAFs filter keywords with a pattern like /union\sselect/ig. We can bypass this filter by using inline comments most of the time. More complex examples will require a more advanced approach, like adding SQL keywords that will further separate the two words:
id=1/*!UnIoN*/SeLeCT
As you can see, the keyword is wrapped in /*!code*/; anything written between these delimiters is still executed as part of the query.
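From the defender's side, all three tricks above stop working once the filter normalizes the value the way MySQL tokenizes it before matching keywords. The sketch below is an added example, not code from the original post; `normalize`, `NORMALIZED_RULE` and the two benign samples are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# The keyword filter quoted in section 3, written as a Python regex.
NAIVE_RULE = re.compile(r"union\sselect", re.I)
# Hypothetical stricter rule, applied only to normalized (lowercased) input.
NORMALIZED_RULE = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b")

# MySQL executes the body of /*!code*/ (optionally /*!50000code*/): keep the body.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
# An ordinary block comment, terminated or not, only separates tokens.
BLOCK = re.compile(r"/\*.*?(?:\*/|$)", re.S)
# Line comments: "--" followed by whitespace, and "#", up to end of line.
LINE = re.compile(r"(?:--(?=\s|$)|#).*")


def normalize(value: str) -> str:
    """Reduce a parameter value to the token stream the database would parse."""
    s = unquote_plus(value)
    while VERSIONED.search(s):          # unwrap nested executable comments too
        s = VERSIONED.sub(r" \1 ", s)
    s = BLOCK.sub(" ", s)
    s = LINE.sub(" ", s)
    return " ".join(s.lower().split())  # fold case, collapse whitespace


def naive_match(value: str) -> bool:
    return bool(NAIVE_RULE.search(value))


def normalized_match(value: str) -> bool:
    return bool(NORMALIZED_RULE.search(normalize(value)))


# Samples 1-2 are the page's own strings; 3-4 are constructed benign values.
SAMPLES = [
    "1/**/UnIoN/**/SeLeCt/**/1,2/*",
    "id=1/*!UnIoN*/SeLeCT",
    "id=42",
    "q=trade union selected a delegate",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:45} naive={naive_match(sample)!s:5} "
              f"normalized={normalized_match(sample)}")
```

The naive rule misses both of the page's samples and also flags the benign fourth value, while the normalized rule gets all four right. Keyword filtering remains a secondary control; parameterized queries remove the injection point itself.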